(12) United States Patent 

Matsumoto et al. 






US006711264B1 

(10) Patent No.: US 6,711,264 B1
(45) Date of Patent: Mar. 23, 2004



(54) SECURITY IMPROVEMENT METHOD AND 
SECURITY SYSTEM 

(75) Inventors: Tatsuro Matsumoto, Kawasaki (JP); 

Kazuki Matsui, Kawasaki (JP) 

(73) Assignee: Fujitsu Limited, Kawasaki (JP) 

( * ) Notice: Subject to any disclaimer, the term of this
patent is extended or adjusted under 35
U.S.C. 154(b) by 0 days.

(21) Appl. No.: 09/414,502 

(22) Filed: Oct. 8, 1999 

(30) Foreign Application Priority Data 

Oct. 29, 1998 (JP) 10-308007 

(51) Int. Cl.7 H04L 9/00

(52) U.S. Cl. 380/283; 380/277

(58) Field of Search 380/277, 283

(56) References Cited 

U.S. PATENT DOCUMENTS

4,965,804 A    10/1990  Trbovich et al.   713/153
5,434,920 A     7/1995  Cox et al.        380/257
5,452,358 A     9/1995  Normile et al.    380/42
5,513,261 A     4/1996  Maher             380/277
6,105,131 A     8/2000  Carroll           713/155
6,151,677 A    11/2000  Walter et al.     713/183
6,157,722 A    12/2000  Lerner et al.     380/260
6,189,100 B1    2/2001  Barr et al.       713/182
6,263,437 B1    7/2001  Liao et al.       713/169
6,266,413 B1    7/2001  Shefi             380/46
6,385,730 B2    5/2002  Garrison          713/202

FOREIGN PATENT DOCUMENTS

JP 9-321748    12/1997

* cited by examiner 

Primary Examiner — Justin T. Darrow

(74) Attorney, Agent, or Firm — Staas & Halsey LLP



(57) 



ABSTRACT 



A security system prevents a commonly shared encryption key from being deciphered by an unwelcome party, while providing easier administration of encryption keys. The security system includes a memorizer 2, an encrypter/decrypter 8, a user administrator 3, a key obtainer 4, and a key distributor 5. Once the chat client joins a channel, the user administrator 3 obtains and stores user information from the chat server. The user information includes a nickname list. The key obtainer 4 selects one of the other user terminals and requests an encryption key from it. Once the key obtainer 4 receives the encryption key sent by the selected user terminal, the key obtainer 4 stores the encryption key in the memorizer 2. When the user terminal receives a request for an encryption key from another user, the key distributor 5 retrieves the encryption key from its own memorizer 2 and sends it to the requesting user terminal. The security system 1 preferably has a key updater 6, which updates the encryption key whenever a predetermined trigger occurs, so that the encryption key is less likely to be deciphered. Only user terminals with the key distribution and/or key update properties can distribute and/or update an encryption key. The key distribution and key update properties can be granted as part of the user information.

22 Claims, 7 Drawing Sheets 
Key Obtainment Process Flow Chart
Key Distribution Process Flow Chart

SECURITY IMPROVEMENT METHOD AND
SECURITY SYSTEM

BACKGROUND OF THE INVENTION

A. Field of the Invention

The present invention relates to a technology that improves security of communications that take place in a computer network such as an intranet or the internet. More specifically, the present invention relates to a technology that improves security of conversations that take place in a chat system.

B. Definition of Terms

Hereinafter, a chat system refers to a system which includes a chat server and a plurality of chat clients, where a plurality of users can communicate with each other simultaneously, sharing a single channel. A channel is a virtual space where users are logically divided into a group, and what one of the users comments is broadcast to all of the users who share the channel. A nickname is a name that identifies a user in a chat system. A channel operator property is an authority to administer users and modes within a channel. A bot is a software robot that participates in a channel to provide various services therein.

C. Description of the Related Art

Conventionally, in a chat system having a chat server and a plurality of chat clients, security of conversations between chat clients has been protected by encrypting conversation messages with a common key. The common key can be, for instance, a channel encryption key created by the chat server and distributed to a plurality of chat clients.

Also, there has been known a security method where a bot is connected to the server as one of the chat clients, and the bot creates, distributes, and administers channel encryption keys. Another security method has been known where chat clients are provided with channel encryption keys in advance.

PROBLEM TO BE SOLVED BY THE INVENTION

In the above described method where the chat server creates channel encryption keys and distributes them to chat clients, security of conversation is protected in the communication path between the clients and the server. However, since the server has the channel encryption key, conversation messages may be decrypted on the server.

With the method where the bot administers the channel encryption keys, conversation messages cannot be decrypted on the chat server, but may be decrypted on the bot. Also, it is troublesome to operate the bot, which has to be operated separately from the server. Although the method where chat clients are provided with channel encryption keys in advance is simple, it does not allow the key to be updated. Therefore there is a higher possibility of the key being deciphered.

In view of the above, there exists a need for an improved security system for a chat system which overcomes the above mentioned problems in the prior art. This invention addresses this need in the prior art as well as other needs, which will become apparent to those skilled in the art from this disclosure.

SUMMARY OF THE INVENTION

One object of the present invention is to provide a method of and a device for improving security of conversation messages encrypted/decrypted with a channel encryption key, by making decryption of the channel encryption key difficult, while decreasing the burden of administering the channel encryption key.

In accordance with one aspect of the present invention, a security method ensures privacy and security in a communication system where communication devices are configured to conduct simultaneous two-way communication via a single network. The security improvement method comprises the steps of:

(A) generating an encryption key at at least one of the communication devices, where the encryption key is adapted to encrypt and decrypt communication contents within the network;

(B) requesting the encryption key from one of the other communication devices after a communication device joins the network;

(C) upon receiving a request for the encryption key from one of the communication devices, giving the generated encryption key to the requesting communication device; and

(D) encrypting and decrypting communication contents exchanged between the communication devices within the network.

If the security improvement method is applied to a chat system, a channel encryption key is generated by the user who opened the channel. A user who joins the channel afterward requests the channel encryption key from the first user. The first user grants the encryption key upon receiving the request. In the present invention, the channel encryption key is distributed in this manner, so that neither the server nor a bot ever holds the channel encryption key, and conversation messages cannot be decrypted at the server or the bot.

Preferably, the security system of the present invention is utilized in a communication device that is configured to conduct simultaneous two-way communication with other communication devices sharing a single network. The security system preferably comprises memorizing means, encrypting means, decrypting means, user administering means, key obtaining means and key distributing means. The memorizing means memorizes an encryption key adapted to encrypt and decrypt communication contents within the shared network. The encrypting means obtains communication contents from the communication device and encrypts the communication contents with the encryption key. The decrypting means obtains communication contents from the communication device and decrypts the communication contents with the encryption key.

The user administering means obtains from the communication device predetermined user information when the communication device participates in the network, and stores the user information in the memorizing means. The user information includes at least a list of the other communication devices that participate in the network. The key obtaining means selects a communication device from the other communication devices in the list, requests an encryption key from the selected communication device, and stores the encryption key in the memorizing means when the encryption key is sent from the selected communication device upon the request. The key distributing means retrieves an encryption key from the memorizing means and distributes the encryption key to another communication device when that communication device has sent a request for the encryption key.

When the security system is utilized with a chat client, the user administering means obtains from the chat client user information including a list of nicknames of users who
participate in the channel. The key obtaining means selects a user from the nickname list, and requests a channel encryption key from the user. At the user terminal which received the request, the key distributing means retrieves a channel encryption key from the memorizing means, and sends the channel encryption key to the requesting user terminal. At the requesting user terminal, the key obtaining means receives the channel encryption key, and stores the channel encryption key in the memorizing means. The encrypting means and the decrypting means thereafter encrypt and decrypt conversation messages using the channel encryption key stored in the memorizing means.

Preferably, the security system is adapted to be coordinated with coordinating means of the communication device. The coordinating means is adapted to relay between the communication device and the security system a request for an encryption key, the encryption key sent upon the request, information regarding the user information, and communication contents. The communication contents are relayed only when a predetermined condition is met.

When received communication content is encrypted, the coordinating means sends the communication content to the security system. After the communication content is decrypted in the security system, the decrypted communication content is sent from the security system to the communication device via the coordinating means, and is displayed in a similar manner as in the case of regular communication content. When communication content needs to be encrypted, the coordinating means sends the inputted communication content to the security system. After the communication content is encrypted in the security system, the encrypted communication content is sent from the security system to the communication device via the coordinating means, and is sent out in a similar manner as in the case of regular communication content.

Preferably in the security system of the present invention, the user administering means grants the key distribution property based on the user information and stores the key distribution property in the memorizing means, where the key distribution property is adapted to allow distribution of an encryption key to another security system.

A chat client can obtain, as user information, information such as nickname, user ID, and whether the user is a channel operator or not. By making the key distribution property correspond to the channel operator property, the key distribution property can be configured to be granted if the user is a channel operator.

Preferably in the security system of the present invention, the user administering means selects another communication device based on a predetermined condition. The user administering means also grants the key distribution property to the selected communication device, and obtains from the communication device a setting of the key distribution property and a name of the communication device to which the setting applies. The user administering means also stores the setting and the name in the memorizing means.

For instance, if the chat client has opened a channel, the user administering means of the chat client selects another user terminal. The user administering means can select user terminals by selecting a predetermined number of user terminals randomly from the chat clients who participate in the channel, or by selecting a predetermined number of chat clients in order of participation in the channel. To allow other user terminals to grant the key distribution property, the key distribution property should be configurable as part of the user information by adding an extension protocol to a protocol of the chat system. It is also possible to make the key distribution property grantable by other user terminals through a setting command, as in the case of setting a channel operator.

Preferably in the security system of the present invention, 
the user administering means accepts a selection of another 
communication device, and a command for granting and 
canceling the key distribution property to the selected com- 
munication device, where the key distribution property 
allows distribution of an encryption key, obtains from the 
selected communication device a setting of the key distri- 
bution property and a name of the communication device to 
which the setting applies, and stores the setting and the name 
of the communication device in said memorizing means. 

By allowing the user to grant and cancel the key distri- 
bution property, the user can adjust the amount of burden of 
key distribution at each user terminal. 

Preferably in the security system of the present invention, 
the key obtaining means selects, based on a predetermined 
condition, a communication device from which an encryp- 
tion key is requested. 

In other words, the key obtaining means selects a user 
terminal from which a channel encryption key is requested 
by generating random numbers or by applying a predeter- 
mined condition such as that the user terminal to be selected 
should have the key distribution property. 

Preferably in the security system of the present invention, 
the key obtaining means selects, based on a predetermined 
condition, a communication device from which an encryp- 
tion key is requested, requests an encryption key from the 
selected communication device, and if the communication 
device does not send the encryption key within a predeter- 
mined period of time, selects another communication device 
for requesting an encryption key therefrom. 

If the encryption key is not sent from the requested user 
terminal for more than a predetermined period of time, the 
key obtaining means determines that the requested user 
terminal had a trouble in sending the encryption key, and 
therefore reselects another user terminal to request the 
encryption key therefrom. The user terminal is selected 
based on a predetermined condition such as that the user 
terminal to be selected should have the key distribution 
property. 
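The key obtainment steps described above (building the nickname list from the channel roster, tying the key distribution property to the channel operator property, selecting a distributor, and reselecting another one when the first does not answer within the predetermined period) are shown below as an added example. This is editorial example code, not code from the patent or from Fujitsu. It assumes an IRC-style NAMES roster in which "@" marks channel operators, and models the peer transport as a blocking callable; the nicknames and key value are constructed for the demonstration.

```python
# Key obtainment with distributor selection and timeout fallback.
# Added example, not code from the patent. Assumptions: an IRC-style
# roster where "@" marks channel operators, and a peer transport that
# blocks until the requested key arrives (or never returns).
import random
import threading
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


@dataclass
class UserInfo:
    nick: str
    is_operator: bool

    @property
    def can_distribute(self) -> bool:
        # Key distribution property tied to channel-operator status,
        # one of the options the text describes.
        return self.is_operator


def parse_roster(names_reply: str) -> Dict[str, UserInfo]:
    """User administering means: turn a NAMES-style roster ("@" = operator,
    "+" = voiced) into the stored user information."""
    users: Dict[str, UserInfo] = {}
    for token in names_reply.split():
        nick = token.lstrip("@+")
        users[nick] = UserInfo(nick, token.startswith("@"))
    return users


# Peer transport (assumed): send a key request to `nick` and block until
# the key arrives. A peer that never answers simply never returns.
PeerTransport = Callable[[str], bytes]


def request_with_timeout(send: PeerTransport, nick: str, timeout: float) -> Optional[bytes]:
    """Ask one peer for the channel key; give up after `timeout` seconds."""
    reply: List[bytes] = []
    worker = threading.Thread(target=lambda: reply.append(send(nick)), daemon=True)
    worker.start()
    worker.join(timeout)
    return reply[0] if reply else None


def obtain_channel_key(users: Dict[str, UserInfo], my_nick: str, send: PeerTransport,
                       timeout: float = 0.5,
                       rng: Optional[random.Random] = None) -> Tuple[Optional[bytes], List[str]]:
    """Key obtaining means: pick a random peer holding the key distribution
    property, request the key, and reselect on timeout.
    Returns (key or None, nicks asked in order)."""
    rng = rng or random.Random()
    candidates = [u.nick for u in users.values() if u.can_distribute and u.nick != my_nick]
    rng.shuffle(candidates)
    asked: List[str] = []
    for nick in candidates:
        asked.append(nick)
        key = request_with_timeout(send, nick, timeout)
        if key is not None:
            return key, asked
    return None, asked   # nobody answered: no key yet, retry later


# Constructed demo data: alice answers at once, bob holds the request.
CHANNEL_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
ROSTER = "@alice @bob +carol dave"


def demo_transport(nick: str) -> bytes:
    if nick == "alice":
        return CHANNEL_KEY
    time.sleep(3)        # longer than the 0.2 s timeout used below
    return b""


def demo() -> Tuple[Optional[bytes], List[str]]:
    users = parse_roster(ROSTER)
    return obtain_channel_key(users, "dave", demo_transport, timeout=0.2)


if __name__ == "__main__":
    key, asked = demo()
    print("asked:", asked, "key:", key.hex() if key else None)
```

Only alice and bob carry the key distribution property, so carol and dave are never asked; whichever order the random selection produces, the request ends at alice, the peer that actually answers. A production version would also verify who answered before trusting the key, which is the verification step the patent assigns to the distributing side.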

Preferably in the security system of the present invention, 
the key obtaining means requests obtainment of an encryp- 
tion key when the communication contents are encrypted. 

For instance, if a chat system is configured to be in 
encryption mode, where all the communication contents 
within the channel are encrypted, the key obtaining means 
obtains from the chat client the mode of the channel in which 
the user participates. If the encryption mode is on, the key 
obtaining means requests obtainment of an encryption key. 

Preferably in the security system of the present invention, 
the decrypting means determines that a request for an 
encryption key should be made when communication con- 
tents received from the communication device cannot be 
decrypted; and the key obtaining means requests obtainment 
of an encryption key based on the determination of said 
decrypting means. 

The security system can also be configured to allow the encryption mode to be changed for each conversation message. For instance, the user chooses whether a conversation message should be encrypted or not by pressing an on/off command button shown by the GUI (Graphical User Interface). When the encryption mode is on, the encrypting means attaches an encryption flag at the beginning of the encrypted conversation message. The communication device adds a send command to the conversation message, and sends them to the network. When the receiving user terminal does not have an encryption key to decrypt the encrypted conversation message, or when the encryption key that the receiving user terminal has cannot decrypt the received encrypted conversation message, the decrypting means of the receiving user terminal determines that an encryption key should be requested. The key obtaining means of the receiving user terminal requests obtainment of an encryption key based on the determination of the decrypting means.

Preferably in the security system of the present invention, the memorizing means stores a plurality of encryption keys and key identification IDs in a manner in which the encryption keys and the key identification IDs correspond to each other. The encrypting means is adapted to send key identification information and communication contents to the network via the communication device. The key identification information identifies the encryption key used for encrypting the communication content. The decrypting means examines whether an encryption key identified by the key identification information is stored in said memorizing means. If the encryption key identified by the key identification information is not stored in said memorizing means, the key obtaining means requests obtainment of an encryption key specifying the key identification information.

In this case, the encryption mode is set for each conversation message. If the decrypting means determines that the user terminal does not have the encryption key used for encrypting the particular conversation message, the key obtaining means requests obtainment of a channel encryption key based on the determination. The key obtaining means identifies the particular encryption key requested by a key identification number. Examples of the key identification number include a serial number assigned to each channel encryption key generated since the channel was opened, and a value obtained by applying a one-way function such as a hash function to the channel encryption key.

Preferably in the security system of the present invention, the key obtaining means sends a public key of the requesting user from a public key encryption system along with the request for an encryption key, and decrypts the encryption key with the private key of the requesting user from the public key encryption system when the encryption key is sent. The key distributing means distributes an encryption key after encrypting the encryption key with the public key of the requesting user from the public key encryption system.

The key obtaining means of the requesting communication device requests an encryption key by giving its own public key. The key distributing means of the communication device which received the request sends the requested encryption key after encrypting the encryption key with that public key. Upon receiving the encrypted encryption key, the key obtaining means of the requesting communication device decrypts the encrypted encryption key with its private key, thereby obtaining the encryption key.

In accordance with another aspect of the present invention, when a request for an encryption key is sent from one of the other communication devices, the key distributing means is adapted to verify the request, retrieve one of the encryption keys based on a result of the verification, and send the encryption key to the requesting communication device.

At a communication device which received a request for a channel encryption key, the key distributing means verifies the legitimacy of the request. If it turns out that the request came from a legitimate user, the key distributing means retrieves a channel encryption key from the memorizing means and sends it to the requesting user terminal. In the previous example where the public key of the requesting user terminal is utilized to encrypt the encryption key, the key distributing means should also verify the legitimacy of the public key; otherwise any party able to send a request could obtain the channel encryption key simply by presenting a public key of its own. Examples of a legitimate public key include a public key bearing the electronic signature of an authenticator, and a public key bearing the electronic signature of the user from whom the encryption key is requested.

In accordance with another aspect of the present invention, the security system further includes key updating means for updating an encryption key at a predetermined time, and distributing the updated encryption key to the other communication devices.

By updating the encryption key at certain times, it becomes more difficult for a third party to decipher the encryption key, whereby communications are better protected. Examples of times at which the encryption key can be updated include: every certain period of time; when a certain number or a certain amount of conversation messages has been made in the channel; when the number of participants in the network exceeds a predetermined number; when a certain period of time has elapsed since the last comment was made; and when the user requests that an encryption key be updated. It is also possible to configure the key updating means such that an encryption key is distributed only when conversations in the channel stop, not while the conversations in the channel continue.

In accordance with another aspect of the present invention, the security system further includes key updating means for updating an encryption key at a predetermined time, and distributing the updated encryption key to the other communication devices after encrypting the updated encryption key with the second latest encryption key.

By encrypting the updated encryption key with the second latest encryption key, it is less likely that the updated encryption key will be deciphered while being distributed.

Preferably in the security system of the present invention, the key updating means generates an encryption key based on any one or a combination of secret information stored inside each communication device, time information, and information unique to the network.

A new encryption key can be generated from, for instance, a serial number of the motherboard, an address at which the program is stored, the time at which the encryption key is to be updated, the channel name, and/or a password. Of these inputs, only the secret information and the password are unknown to an eavesdropper; a key derived solely from the motherboard serial number, program address, time and channel name can be reproduced by anyone who can enumerate those values, so at least one secret input should always be included.

Preferably in the security system of the present invention, the key updating means generates an encryption key by applying a one-way function to any one or a combination of secret information stored inside each communication device, time information, and information unique to the network.

A new encryption key can be generated by applying a hash function to, for instance, a serial number of the motherboard, an address at which the program is stored, the time at which the encryption key is to be updated, the channel name, and/or a password.

Preferably in the security system of the present invention, the user administering means sets the key update property based on the user information obtained, with the key update property adapted to allow update and distribution of an encryption key, and stores the key update property in the memorizing means. The security system further includes key updating means for updating an encryption key at a predetermined time based on the setting of the key update property, and distributing the encryption key to the other communication devices.
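The per-message encryption flag, the key identification number derived by a one-way function, the request triggered when a received message names a key the terminal does not hold, and the chained update in which the new key is distributed under the second latest key, as described in the passages above, are shown together in the following added example. It is editorial code, not code from the patent or from Fujitsu. The patent names no cipher or frame layout, so the example uses an HMAC-SHA256 keystream with an HMAC tag (standard library only) as a stand-in cipher, derives the key ID with SHA-256, and assumes the frame layout flag || key_id || nonce || body || tag; the device secret, channel name and messages are constructed. The public-key wrapping of the initial key request is not shown here.

```python
# Key IDs, per-message encryption flag, and chained key update.
# Added example, not code from the patent. The cipher (HMAC-SHA256
# keystream + HMAC tag) and the frame layout are assumptions; the patent
# only specifies a flag, a key identification number and a one-way function.
import hashlib
import hmac
import os
import time
from typing import Dict, Optional, Tuple

ENC_FLAG = b"E"   # assumed reserved: plaintext messages never start with it
ID_LEN, NONCE_LEN, TAG_LEN = 8, 16, 16


def key_id(key: bytes) -> bytes:
    """Key identification number: one-way function (SHA-256) of the key."""
    return hashlib.sha256(key).digest()[:ID_LEN]


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks, i = [], 0
    while sum(len(b) for b in blocks) < n:
        blocks.append(hmac.new(key, nonce + i.to_bytes(4, "big"), "sha256").digest())
        i += 1
    return b"".join(blocks)[:n]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypting means: flag, key ID, fresh nonce, ciphertext, tag."""
    nonce = os.urandom(NONCE_LEN)
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + body, "sha256").digest()[:TAG_LEN]
    return ENC_FLAG + key_id(key) + nonce + body + tag


class NeedKey(Exception):
    """The message names a key this terminal does not hold; the key
    obtaining means turns this into a request specifying `kid`."""
    def __init__(self, kid: bytes) -> None:
        super().__init__(kid.hex())
        self.kid = kid


class KeyStore:
    """Memorizing means: several channel keys, addressed by key ID."""
    def __init__(self) -> None:
        self.keys: Dict[bytes, bytes] = {}
        self.latest: Optional[bytes] = None

    def add(self, key: bytes) -> bytes:
        kid = key_id(key)
        self.keys[kid] = key
        self.latest = key
        return kid

    def open(self, frame: bytes) -> bytes:
        """Decrypting means: plaintext passes through; an unknown key ID
        raises NeedKey; a bad tag is rejected before any decryption."""
        if not frame.startswith(ENC_FLAG):
            return frame
        kid = frame[1:1 + ID_LEN]
        key = self.keys.get(kid)
        if key is None:
            raise NeedKey(kid)
        nonce = frame[1 + ID_LEN:1 + ID_LEN + NONCE_LEN]
        body, tag = frame[1 + ID_LEN + NONCE_LEN:-TAG_LEN], frame[-TAG_LEN:]
        expect = hmac.new(key, nonce + body, "sha256").digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expect):
            raise ValueError("authentication tag mismatch")
        return bytes(c ^ k for c, k in zip(body, _keystream(key, nonce, len(body))))

    def rotate(self, device_secret: bytes, channel: str,
               now: Optional[float] = None) -> Tuple[bytes, bytes]:
        """Key updating means: next key = hash(device secret, update time,
        channel name); returns (new key ID, update frame sealed under the
        previous, i.e. second latest, key)."""
        stamp = str(int(time.time() if now is None else now)).encode()
        previous = self.latest
        new_key = hashlib.sha256(device_secret + stamp + channel.encode()).digest()
        kid = self.add(new_key)
        return kid, (seal(previous, new_key) if previous else new_key)

    def apply_update(self, update_frame: bytes) -> bytes:
        """Receiving side of a key update: unwrap under the key it names."""
        return self.add(self.open(update_frame))


def demo() -> dict:
    """Constructed exchange: alice opened the channel, bob holds the key,
    carol joins after a rotation and lacks the new key."""
    first_key = bytes(range(32))
    alice, bob, carol = KeyStore(), KeyStore(), KeyStore()
    alice.add(first_key)
    bob.add(first_key)
    msg1 = bob.open(seal(alice.latest, b"hello"))
    kid2, update = alice.rotate(b"alice-device-secret", "#secure", now=1_000_000)
    bob_kid = bob.apply_update(update)
    frame2 = seal(alice.latest, b"after rotation")
    msg2 = bob.open(frame2)
    try:
        carol.open(frame2)
        missing = None
    except NeedKey as e:
        missing = e.kid          # carol now requests this specific key ID
    return {"msg1": msg1, "msg2": msg2, "kid2": kid2, "bob_kid": bob_kid,
            "missing": missing, "plain": carol.open(b"not encrypted")}
```

Because the key ID is a hash of the key, a peer that lacks the key can still name it precisely in its request, and a distributor can serve an older key from its store when a latecomer receives a message encrypted before the latest update. The tag check before decryption matters: with an unauthenticated keystream cipher, a tampered frame would otherwise decrypt to attacker-controlled text.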
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As in the case of the above described key distribution user has key update property. The key update property 

property, the key update property can be granted to users allows the user to update and distribute the encryption key 

who have the channel operator property, or to users who to other users. The key update property also allows the user 

stayed in a channel through the end thereof. The key update to grant the key update property and the updating sequence 

property can also be made configurable as part of the user 5 to the communication device. The key update property also 

information by adding an extension protocol to the original allows the user to obtain from the communication device 

protocols. The key updating property can also be made settings for the key update property, the updating sequence 

configurable through a configuration command of a channel and a name of the communication device to which the 

operator. settings apply. The key update property also allows the user 

In accordance with another aspect of the present 10 to store the settings and the name in said memorizing means, 

invention, the user administering means is adapted to select and rewrite the updating sequence as the user information 

another communication device based on a predetermined changes, 

condition when the user has key update property which For instance, the communication device that is the first in 

allows distribution of an encryption key, grant the key the updating sequence can distribute and update a channel 

update property to the selected communication device, 15 encryption key. The communication devices that are second 

obtain a setting of the key update property and a name of the or later in the updating sequence receive a new channel 

communication device to which the setting applies, and encryption key distributed by the communication device that 

store the setting and the name of the communication device is the first in the updating sequence. When the communica- 

in said memorizing means. The security system further tion device that is first in the updating sequence leaves the 

includes key updating means for updating an encryption key 20 network, or when a predetermined period of time elapsed 

at a predetermined time based on the setting of the key since the last time an encryption key was updated, and 

update property, and distributing the encryption key to other therefore it is determined that the communication device that 

communication devices. is first in the updating sequence had a trouble updating the 

Users who have the key updating property can allow other encryption key, the communication devices that are second 
users to grant the key updating property. The other users are 25 or later in the updating sequence automatically shift in order 
selected by randomly selecting a predetermined number of by one from the prior order stored in the user information, 
communication devices, by selecting a predetermined num- Thereafter, the communication device that became first in 
ber of communication devices in order of participation in the the order distributes and updates an encryption key. 
channel, or by selecting communication devices from the In accordance with another aspect of the present 
communication device list. The key update property can be 30 invention, the security improvement system comprises a 
granted by setting a new command in the chat system. User plurality of communication devices adapted to conduct 
terminals participating in the chat system update the user simultaneous two-way communication sharing a single net- 
information according to the command. work. Each of the communication devices includes memo- 

Preferably in the security system of the present invention, rizing means, encrypting means, decrypting means, user 

the user administering means grants key update property and 35 administering means, key obtaining means, and key distrib- 

an updating order or sequence based on the obtained user uting means. 

information, and stores the key update property and the The memorizing means memorizes an encryption key 

updating order or sequence in the memorizing means. The adapted to encrypt and decrypt communication contents 

key update property is adapted to allow update and distri- within the shared network. 

bution of an encryption key. The security system further 40 The encrypting means obtains communication contents 

includes key updating means for updating an encryption key from the communication devices, and encrypts the commu- 

at a predetermined time based on key update property and an nication contents with the encryption key. The decrypting 

order or sequence, and distributing the encryption key to means obtains communication contents from the communi- 

other communication devices. cation devices and decrypts the communication contents 

For example, the key update property can be granted to 45 with the encryption key. The user administering means 

users who have the channel operator property, whereas the obtains from the communication device predetermined user 

updating sequence can be the order in which the user participated in the channel. The user administering means of a user terminal which is second or later in the updating sequence automatically shifts upwardly when the communication device which is first in the updating sequence leaves the network, or when a certain period of time has elapsed since the last time an encryption key was updated and it is therefore determined that the communication device with the first order had trouble updating the encryption key. The order in the updating sequence is shifted upward by one from the prior order given in the user information. Thereafter, the communication device that became first in the updating sequence generates an encryption key at a predetermined time.

The security system further includes key update means for updating an encryption key at a predetermined time based on the key update property and an order, and distributing the encryption key to other communication devices. Preferably in the security system of the present invention, the user administering means is adapted to select another communication device based on a predetermined condition when a

information when the communication device participates in the network, and storing the user information in the memorizing means. The user information includes at least a list of other communication devices that participate in the network. The key obtaining means selects a communication device from the communication devices in the list, requests an encryption key from the selected communication device, and stores the encryption key in the memorizing means when the encryption key is sent from the selected communication device upon the request. The key distributing means retrieves an encryption key from the memorizing means and distributes the encryption key to another communication device when that other communication device has sent a request for the encryption key. Preferably, this security system of the present invention has similar effects as the security system discussed above.

Preferably in the security system of the present invention, a computer readable recording medium is to be utilized in a communication device that is adapted to conduct simultaneous two-way communication with other communication devices sharing a single network. The computer readable
recording medium contains a security improvement program therein. The security improvement program is configured to execute the steps of:

(A) storing an encryption key adapted to encrypt and decrypt communication contents within the shared network;

(B) encrypting the communication contents with the encryption key;

(C) decrypting the communication contents with the encryption key;

(D) obtaining from the communication device predetermined user information when the communication device participates in the network, and storing the user information in memorizing means, with the user information including at least a list of other communication devices that participate in the network;

(E) selecting a communication device from the communication devices in the list, requesting an encryption key from the selected communication device, and storing the encryption key in the memorizing means when the encryption key is sent from the selected communication device upon the request; and

(F) retrieving an encryption key from the memorizing means and distributing the encryption key to another communication device when that other communication device has sent a request for the encryption key.

Preferably, this security system of the present invention has similar effects as the security system discussed above.

These and other objects, features, aspects and advantages of the present invention will become readily apparent to those skilled in the art from the following detailed description, which, taken in conjunction with the accompanying drawings, discloses preferred embodiments of the present invention. In the accompanying drawings like reference numerals are used to denote corresponding parts throughout.

BRIEF DESCRIPTION OF THE DRAWINGS

Referring now to the accompanying drawings which form a part of this original disclosure:

FIG. 1 is a functional block view of a security system in accordance with a first embodiment of the present invention;

FIG. 2 is an explanatory view showing an example of user information for use in security systems in accordance with the present invention;

FIG. 3 is a flowchart showing the main process executed by security systems in accordance with selected embodiments of the present invention;

FIG. 4 is a flowchart showing the key obtainment process executed by security systems in accordance with selected embodiments of the present invention;

FIG. 5 is a flowchart showing the key distribution process executed by security systems in accordance with selected embodiments of the present invention;

FIG. 6 is a flowchart showing the request verification process executed by security systems in accordance with selected embodiments of the present invention; and

FIG. 7 is a flowchart showing the key update process executed by security systems in accordance with selected embodiments of the present invention.

DETAILED DESCRIPTION OF THE INVENTION

Referring to FIGS. 1-7, security systems are described below in accordance with preferred embodiments of the present invention. In the preferred embodiments described hereinafter, the security system 1 of the present invention is utilized together with a chat client 10 in a communication device for improving the security within a communication or chat system to protect the privacy of the communications occurring therein.

Embodiment

A first embodiment will now be described for use with a chat system to illustrate one example of an application of the present invention. It should be understood that other applications of the invention are possible.

In such a chat system, conversation messages or communications (i.e. real time messages sent back and forth between a plurality of users at communication devices) are encrypted by each message sender and decrypted by each receiving user engaged in the conversation in a specific chat room. An example of a chat system that is administered by a chat server is schematically depicted in FIG. 1.

As depicted in FIG. 1, the chat system basically includes the chat server connected to a plurality of communication devices such as user terminals A, B, C, D and E. Of course, other types of communication devices can be used with the present invention. Typically, one user uses a communication device or user terminal to engage in a conversation in a chat room administered by the chat server with a plurality of other users, each user at his or her own communication device or user terminal. The chat server and the communication devices or user terminals A, B, C, D and E are connected via a communication or computer network to the chat server. The communication network may be any of a variety of computer networks, such as a Local Area Network (LAN) or the Internet. The communication network allows for real time electronic communication between the communication devices or user terminals A, B, C, D and E and the chat server.

The chat server may be configured to administer a plurality of chat rooms or chat channels by directing communications in and out of each individual chat channel to and from the user terminals accessing each individual chat channel. Specifically, communications are segregated. Thus, only messages sent to a specific chat channel are allowed to be transmitted to user terminals logged on to that specific chat channel.

In the description below, each chat channel is an electronic conference room having an identifier such as a name or address, unique to that chat channel. As is described in greater detail below, when the invention is used in a group e-mail application, each user of an e-mail type electronic conference room is identified in a user list. For example, each user is identified by an e-mail address such that each user has his or her own unique e-mail address.

As shown in FIG. 1, the chat system includes user terminals A, B, C, D and E engaged in a conversation with one another on a chat channel administered by the chat server. Each of the user terminals A, B, C, D and E on the chat channel includes a security program or system 1 installed therein. Only five user terminals are depicted in FIG. 1. However, it should be understood that any number of user terminals could be installed with the security program or system 1, so long as each user terminal is authorized to participate in communications in the electronic conference room (chat channel or chat room). It should also be understood that the user terminals A, B, C, D and E are, for instance, personal computers or similar terminal devices that include a display or monitor such as a CRT, a storage means
such as a hard drive, a central processing unit (CPU), memory such as RAM and a means for connecting to the network such as a LAN card or a modem.

In order to log onto a chat room or communicate in an electronic conference room, some kind of computer communication software application is necessary to effectively communicate with the chat server and other user terminals. The computer software may be any of a variety of software applications. However, for the purpose of describing the present application, the software application used to communicate with the electronic conference room will hereinafter be referred to as a chat client 10 installed in each of the user terminals A, B, C, D and E.

FIG. 1 shows a functional structure of a communication chat system, which is utilized together with a chat client 10. Any of the plurality of the user terminals A, B, C, D, and E in FIG. 1 can run chat client 10 thereon. The user terminals A-E are connected to each other via the chat server and a computer network. A security system 1, as well as the chat client 10, is installed in each of the users' terminals.

The security system 1 basically includes a memorizer 2, a user administrator 3, a key obtainer 4, a key distributor 5, a key updater 6, a key generator 7 and an encrypter/decrypter 8. The security system 1 is operatively coupled to the chat client 10 and a user database (DB) 9. The chat client 10 includes a coordinator 11 and assignor 12, which function with one or more portions of the security system 1 and the user database (DB) 9. In this embodiment, channel encryption keys for encrypting and/or decrypting conversation messages are generated and/or distributed by one or more of the user terminals A-E, each of which has a security system 1 and a chat client 10 installed thereon.

The memorizer 2 stores a public key and a private key of the user. The public key and the private key are generated according to the public key encryption system. The memorizer 2 also receives a channel encryption key from the key obtainer 4 for encrypting and/or decrypting conversation messages in a channel in which the chat client 10 participates. The memorizer 2 stores the channel encryption key at the user terminal. Furthermore, the memorizer 2 also receives and stores an encryption key ID from the key obtainer 4. The encryption key ID identifies a certain channel encryption key. The memorizer 2 stores the channel encryption key and the encryption key ID in an encryption key list such that the channel encryption key and the encryption key ID correspond to each other. The memorizer 2 can store more than one channel encryption key with the corresponding encryption key ID. When several channel encryption keys are stored, it is preferable that the user set the maximum number of channel encryption keys that can be stored in the memorizer 2 in advance.

The user administrator 3 refers to user information for setting the key distribution property and the key update property based upon the user information. A chat client 10 obtains user information from the chat server. FIG. 2 shows an example of user information that includes the key distribution property and the key update property.

The key distribution property in this context indicates who is assigned the task of distributing a channel encryption key to other user terminals. In other words, the user who has the key distribution property is allowed to distribute a channel encryption key to other user terminals.

The key update property in this context indicates who is assigned the task of updating a channel encryption key and also the task of distributing the channel encryption key to other user terminals. In other words, the user who is assigned the key update property is allowed to update a channel encryption key and also to distribute the channel encryption key to other user terminals.

The channel operator property in this context indicates the user who opened the channel. This user is called the operator of the channel or the channel operator. The channel operator is assigned the tasks of generating and distributing a first channel encryption key.

Usually, the chat clients 10 can obtain certain kinds of user information about the other users in the channel from the chat server by merely participating in a channel. The kinds of user information that a chat client 10 can automatically obtain include (1) nickname, (2) real or actual name of the user, (3) user ID for identifying a particular user in the network, (4) client name for identifying a user's terminal which runs a particular chat client, (5) server name which identifies the server to which the user's terminal is connected, (6) list of channels to which each of the users is connected, (7) idle time between communications made by the user in the channel and (8) the channel operator property status (0/1). Each user should have at least one unique piece of user information to distinguish that user from other users in the channel. Out of the above-mentioned user information, the nickname is preferably used to identify a user in a channel.

In the examples of user information shown in FIG. 2, the chat client 10 preferably obtains all of the above-listed kinds of user information (1-8) from the chat server. The chat client 10 then writes the user information to the user database (DB) 9. The user administrator 3 grants or assigns the key distribution property and the key update property as needed based upon the channel operator property in the user information that the chat client 10 obtained from the chat server. The key distribution property and the key update property are then stored in the user database (DB) 9.

In the illustrated example, if the channel operator property is set to "1", the key distribution property and the key update property are also set as "1". In other words, the key distribution property and the key update property are granted to the user if the chat server has set the channel operator property of the user to "1".

The user administrator 3 is informed by the coordinator 11 of the chat client 10 of changes in the user information such as the setting of a new channel operator or a user entering or leaving the channel. In this way, the user information is updated in the security system 1 as changes arise in the channel. The coordinator 11 will be explained in more detail later.

Of course, there are other ways to grant or change the key distribution property and the key update property. One of the ways to grant or change the settings of these properties is for the user administrator 3 of the security system 1 at the user terminal to select users according to predetermined conditions, and set these properties for each user based on the predetermined condition. In other words, the key distribution property and the key update property of one user are set by the user administrator 3 of another user in the channel. Users to whom the key distribution property is to be given can be selected in various ways. For example, the key distribution property can be granted to users by selecting a predetermined number of users randomly by generating random numbers. Alternatively, the key distribution property can be granted to users either manually or automatically by selecting a predetermined number of users based upon the order the user joined the channel. Also, the key distribution property can be granted by selecting a first user who in turn selects other users.
Users to whom the key update property is to be given can be selected in various ways. For example, the key update property can be granted to users by selecting the user or users who opened the channel. Alternatively, the key update property can be granted to users by selecting users who will stay in a channel through the end of the channel. Users to whom the key update property is to be given can also be selected by having the users who already have the key update property select a predetermined number of other users. For instance, the users can select additional users to be granted the key update property based upon the order the user joined or started participating in a channel. Also, the users who have the key update property can manually select a predetermined number of other users based upon the needs of the users in the channel.

Another way to grant the key distribution property and the key update property to the selected users is to install a property distribution command. As an example, suppose that a command for granting the key distribution property is "MODE #CH1 +d userA", while the command for granting the key update property is "MODE #CH1 +x userA". Here, #CH1 is a channel name, and userA is a nickname of a user within the channel. The user administrator 3 specifies what property should be distributed to which users, and then sends the commands to all of the chat clients 10 of the user terminals that are participating in the channel. In the user terminals that receive the command, the user administrator 3 receives the command via the chat client 10. The user administrator 3 then interprets the command, and rewrites or stores the user information in the user database (DB) 9 at the user terminal.

When several users have been granted the key update property, the user administrator 3 of one of the user terminals should also set an order or sequence in which the channel encryption key should be updated by the various users with the key update property. For example, each user with the key update property can assign a new channel encryption key based on the order or sequence in which the user joined the channel relative to the other users. In other words, the user who first opened the channel is given the channel operator property and the key update property and will be the first one to update the channel encryption key. Similarly, the order or sequence in which other users can update the channel encryption key is based upon the order or sequence in which the user participated or joined in the channel relative to the other users.

Alternatively, only one user is initially given the key update property. This first user then randomly or manually grants a number of other users the key update property. This process can be done by the user administrator 3 of the first user terminal. The first user who originally had the key update property will also be the first user to update the channel encryption key. Then, the other users that are selected by the user administrator 3 of the first user terminal are given the key update property randomly or manually. For example, the other users with the key update property are then assigned a position in the updating sequence by the order of participation in the channel relative to the other users. In this way, the order or sequence in which the channel encryption key is updated by the several users is determined.

The command for granting the key update property preferably includes the position in the updating sequence in which the user will update the channel encryption key. For example, a setting for the relative position in which the users update the channel encryption key can be included in the command for granting the key update property by adding a natural number "n" after an extension "x" in the command, where the number "n" shows the order of the user. In other words, a command for both granting the key update property to "userA" and for assigning "userA" the second position in the sequence for updating the channel encryption key is "MODE #CH1 +x2 userA". The updating order or sequence and the assignment of the key update property are sent to all the user terminals in the channel. In this way, the user administrator 3 of each user terminal can rewrite the updating order or sequence whenever a change occurs in user information. For instance, when one of the users that has been assigned the key update property leaves the channel, the order or sequence in which the users update the channel encryption key changes. In other words, the sequence of the rest of the users with the key update property is affected because of the leaving user.
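The property distribution commands and the updating sequence described above, worked through as an added example in Python (not the patent's own code): it interprets the "MODE #CH1 +d userA" and "MODE #CH1 +x2 userA" forms given in the text, keeps the user information, shifts the updating sequence upward when an updater leaves, and lists the holders of the key distribution property in order of participation, which is the order the key obtainer 4 may use when choosing whom to ask for the channel key. Class, function and field names are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class UserInfo:
    """One row of the user information kept in the user database (DB) 9
    (field names are assumptions; the properties are the ones in the text)."""
    nickname: str
    join_order: int                          # order of participation (1 = first)
    channel_operator: int = 0                # (8) channel operator property, 0/1
    key_distribution: int = 0                # key distribution property, 0/1
    key_update: int = 0                      # key update property, 0/1
    update_position: Optional[int] = None    # the "n" of "+xn": place in the sequence


# "MODE #CH1 +d userA" grants key distribution; "MODE #CH1 +x userA" or
# "MODE #CH1 +x2 userA" grants key update, optionally with a position n.
_MODE_RE = re.compile(r"^MODE\s+(#\S+)\s+\+([dx])(\d*)\s+(\S+)$")


class UserAdministrator:
    """Models the user administrator 3 of one terminal: it interprets the
    property distribution commands and keeps the key updating sequence."""

    def __init__(self, channel: str):
        self.channel = channel
        self.users: Dict[str, UserInfo] = {}
        self._joins = 0

    def user_joined(self, nickname: str, channel_operator: int = 0) -> UserInfo:
        """Store the user information the chat client 10 reports for a new
        user.  The channel operator (who opened the channel) gets both
        properties and the first place in the updating sequence."""
        self._joins += 1
        info = UserInfo(nickname, join_order=self._joins,
                        channel_operator=channel_operator)
        if channel_operator:
            info.key_distribution = info.key_update = 1
            info.update_position = 1
        self.users[nickname] = info
        return info

    def apply_mode(self, command: str) -> UserInfo:
        """Interpret a received MODE command and rewrite the stored user
        information, as the receiving user administrator 3 does."""
        m = _MODE_RE.match(command.strip())
        if m is None:
            raise ValueError("unrecognised property distribution command: %r" % command)
        channel, prop, n, nick = m.groups()
        if channel != self.channel:
            raise ValueError("command is for %s, not %s" % (channel, self.channel))
        info = self.users[nick]            # KeyError: nickname not in the channel
        if prop == "d":
            info.key_distribution = 1
        else:
            info.key_update = 1
            # "+x" with no number: fall back to the order of participation
            info.update_position = int(n) if n else info.join_order
        return info

    def updating_sequence(self) -> List[str]:
        """Nicknames holding the key update property, first updater first."""
        holders = [u for u in self.users.values() if u.key_update]
        holders.sort(key=lambda u: (u.update_position, u.join_order))
        return [u.nickname for u in holders]

    def user_left(self, nickname: str) -> List[str]:
        """Remove a user and shift every updater behind it upward by one, as
        the text describes when the first updater leaves the channel (the
        same shift is applied here for any departing updater)."""
        gone = self.users.pop(nickname)
        if gone.key_update:
            for u in self.users.values():
                if u.key_update and u.update_position > gone.update_position:
                    u.update_position -= 1
        return self.updating_sequence()

    def key_request_candidates(self, requester: str) -> List[str]:
        """Terminals the key obtainer 4 may ask for the channel encryption
        key: holders of the key distribution property, in order of
        participation, excluding the requesting user itself."""
        holders = [u for u in self.users.values()
                   if u.key_distribution and u.nickname != requester]
        holders.sort(key=lambda u: u.join_order)
        return [u.nickname for u in holders]
```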

The key obtainer 4 selects other users according to predetermined conditions, and requests a channel encryption key from the selected users. Also, the key obtainer 4 stores the channel encryption key in the memorizer 2 upon the request. The method of selecting users from which a channel encryption key is requested is not limited to any particular method. For instance, users can be selected randomly by generating random numbers. Alternatively, the users can be selected from the users who have the key distribution property in order of participation in the channel. If there is no response from the selected user terminal for more than a certain period of time due to such reasons as the selected user terminal is busy or the communication path is crowded, the key obtainer 4 selects another user's terminal, and requests the channel encryption key from the newly selected user terminal.

A request for a channel encryption key includes predetermined information and a user certificate. The predetermined information includes at least the channel name and user information such as a nickname which specifies the requesting user. The user certificate includes information regarding the user, a public key of the requesting user and an electronic signature from a Certificate Authority (CA), which certifies the information in the certificate. The certificate is usually authorized by a Certificate Authority (CA), but can also be authorized by the chat server to which the user's terminal is connected, or by the user from which the channel encryption key is requested.

A request for a channel encryption key is made when the key obtainer 4 recognizes an encrypted communication. More specifically, it is when the key obtainer 4 recognizes that the channel is in the encryption mode, e.g., where all the communications within the channel are encrypted, or when an encrypted communication or conversation message is received.

In the case where the channel is in the encryption mode, there should be a command for setting an encryption mode, where all the communications or conversation messages within the channel are encrypted. The command for setting such encryption mode can be, for instance, a command that utilizes an extension of the "MODE" command, such as "MODE #CH1 +c". Usually, when a chat client 10 participates in a channel, the mode set in the channel is reported to the chat client 10. The key obtainer 4 retrieves the mode from the coordinator 11 of the chat client 10, and requests a channel encryption key if the channel is in the encryption mode.

In the case where the channel is not in the encryption mode but an encrypted conversation message is received, an encryption flag can be sent with each of the conversation
messages sent out for indicating whether the conversation message is encrypted or not. A regular chat system generates a conversation message that includes actual conversation content and a send command, which is a command to send the conversation message. In this embodiment, a conversation message generated further includes an encryption flag, which shows the encryption mode for the message being on (0) or off (1). The encryption flag is preferably at the beginning of the conversation message.

Instead of an encryption flag, an encryption key ID can also be utilized. As will be described later, the encryption flag is added to the conversation content of the message by the encrypter/decrypter 8. When the encrypter/decrypter 8 can not decrypt conversation content that it received from the chat client 10, the key obtainer 4 requests a channel encryption key according to a command received from the encrypter/decrypter 8. The command from the encrypter/decrypter 8 will be described later. Also, a more detailed explanation will follow regarding a case where the encrypter/decrypter 8 can not decrypt a conversation content.

Preferably, the channel encryption key that the key obtainer 4 receives is encrypted with a public key of the requesting user. The key obtainer 4 obtains the channel encryption key by decrypting the encrypted channel encryption key with the private key of the user. In another case, the key obtainer 4 receives an encryption key ID and the encrypted channel encryption key. The key obtainer 4 decrypts the encrypted channel encryption key and stores the obtained channel encryption key and the encryption key ID in the encryption key list of the memorizer 2.

If the requesting user terminal does not have the key update property, or the key update property of the requesting user terminal does not have the first priority, the key obtainer 4 obtains a new channel encryption key from other user terminals. The newly obtained channel encryption key is encrypted with the second latest channel encryption key next to the newly received channel encryption key. Therefore the key obtainer 4 retrieves the second latest channel encryption key from the memorizer 2, and decrypts the newly obtained channel encryption key with the second latest channel encryption key. Then, in a similar manner, an encryption key ID is obtained from the decrypted channel encryption key, and is stored in the encryption key list, such that the encryption key ID and the channel encryption key correspond to each other.

If a new channel encryption key is not received after a predetermined period of time, during which a channel encryption key should be updated, the key obtainer 4 requests the user administrator 3 that the order of key update be changed. Upon receiving the request, the user administrator 3 changes the order of the key update property to an earlier order. Updating of the channel encryption key will be described in more detail later.

The key distributor 5 verifies requests for a channel encryption key received from other user terminals. The request for the channel encryption key, as well as the user certificate received from the requesting user, is utilized to verify the request.

Once the requester is proven to be a registered user as a result of the verification, the latest channel encryption key is retrieved from the encryption key list. The latest channel encryption key is encrypted with the public key of the requesting user, which was included in the user certificate of the request. The key distributor 5 also obtains the encryption key ID of the retrieved channel encryption key by applying a one way function such as a hash function to the retrieved channel encryption key, and sends both the encrypted channel encryption key and the encryption key ID to the requesting user.

The encryption key ID only has to specify the channel encryption key uniquely. Therefore, a serial number, or the date and time the channel encryption key is generated, can also be an encryption key ID.

If the encryption key ID is sent along with the request for the channel encryption key, the key distributor 5 sends the channel encryption key that corresponds to the encryption key ID.

The key updater 6 generates a channel encryption key and sends the channel encryption key to other user terminals at appropriate times. For example, new channel encryption keys can be generated every certain period of time. Also, the new channel encryption keys can be generated based upon the number of conversation messages or the amount of conversation data occurring in the chat client. In other words, a new channel encryption key can be generated every time a certain number of conversation messages has been made, or a certain amount of conversation data has been made. Furthermore, a new channel encryption key can be generated by watching user information. For example, a new channel encryption key can be generated when the number of users in the channel increases by a predetermined number such as 1. Alternatively, a new channel encryption key can be generated when the topic of the channel changes, or when a certain period of time elapses since the last conversation message is made, or when a user requests that a new channel encryption key be made.

The key updater 6 can be configured to send out the new channel encryption key right after the new channel encryption key is generated. However, it is preferable that the new channel encryption key be sent out when conversation in the channel stops, instead of in the middle of a conversation, so that the conversation is not interrupted.

A new channel encryption key can be generated by combining information such as secret information stored in a user terminal, time information, and information unique to the channel, and applying a one way function such as a hash function to the combined information. The secret information stored in a user terminal should be information that is difficult for an unknown party to guess, such as a serial number of the motherboard of the terminal, or an address of a certain program. It is even more preferable if the secret information is a kind of information that changes over time, instead of static information.

The time information, which is a time datum of the time when the channel encryption key is generated, is obtained through a time datum obtainment program routine. The time datum obtainment program routine utilizes an internal clock of a user terminal, which is usually provided in an operating system that runs on the user terminal. The time datum takes the form of a cumulative number of seconds since Jan. 1, 1970, which is the datum that the time datum obtainment program routine outputs, and is therefore generally utilized. The channel specific information can be information such as the channel name, or a password assigned to the channel.

It is more preferable from the point of view of security that the new channel encryption key is sent after being encrypted, rather than being sent without being encrypted. For instance, if the new channel encryption key is sent after being encrypted with the second latest channel encryption key, it is more difficult for an unknown party to decrypt the encryption, while the receiving terminal can decrypt the encryption.
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The channel encryption key should be generated and 
distributed according to the key update property in the user 
information. In other words, the channel encryption key 
should be generated and distributed only when the key 
update property is granted to the user in the user informa- 5 
tion. As described above, the key update property is con- 
figured at each user terminal by the user administrator 3. 
When the order or sequence for updating the channel 
encryption key and the key update property of the users are 
already set, the channel encryption key should be updated in 10 
a following manner. 

In the user terminal, which is first in the key updating 
sequence, the key updater 6 generates a new channel encryp- 
tion key in a manner described above, at a predetermined 
time, and later sends the channel encryption key to the other 15 
user terminals in the channel. In the case of the user terminal 
which is second or later in the key updating sequence 
receives the channel encryption key from the first order user 
terminal. If a new channel encryption key is not sent to a 
user terminal after a predetermined period of time, the 20 
non-receiving user terminal determines that the first order 
user terminal was not able to send the channel encryption 
key to the user terminal for some reason. This determination 
is made by the key obtainer 4 as described above. Then, the 
user administrators 3 in all receiving user terminals change 25 
the updating sequence or order upward, whereby the next 
user terminal with the key update property generates and 
distributes a channel encryption key. 

If the chat client 10 of the user terminal is first to open a channel, the key generator 7 of the user terminal generates the first channel encryption key. New channel encryption keys are then generated in a similar manner by other user terminals in accordance with the key updating sequence in the channel.

As mentioned above, the channel encryption key is preferably based upon combining secret information of the user terminal, time information and channel specific information. A hash function is then applied to the combined information. The time information, for instance, can be a time datum of the time when the channel was opened.

The key generator 7 then generates an encryption key ID by applying a hash function to the channel encryption key in a similar manner in which the key distributor 5 generates an encryption key ID. Then, the channel encryption key and the encryption key ID are stored in the memorizer 2, such that the channel encryption key and the encryption key ID correspond to each other.

The encrypter/decrypter 8 retrieves the channel encryption key from the memorizer 2 when an encrypted conversation message is sent from the assignor 12 of the chat client. Details of the assignor 12 will be described later. The encrypter/decrypter 8 then decrypts the encrypted conversation message using the retrieved channel encryption key. The latest channel encryption key is usually utilized to decrypt the conversation message. However, if the encrypted conversation message bears an encryption key ID at the beginning thereof, the channel encryption key that corresponds to the encryption key ID should be utilized to decrypt the conversation message.

If the encrypter/decrypter 8 can not decrypt the conversation message, the encrypter/decrypter 8 directs the key obtainer 4 to request an updated channel encryption key. The conversation message can not be decrypted in the case where the channel encryption key that corresponds to the encrypted conversation message is not stored in the memorizer 2. Also, the conversation message can not be decrypted in the case where the channel encryption key that corresponds to the encryption key ID that is sent with the encrypted conversation message is not stored in the memorizer 2. The decrypted conversation message is again sent to the chat client, and then displayed on the screen of the user terminal, as in the case of a regular message.

Once the encrypter/decrypter 8 receives a conversation 
message to be encrypted from the assignor 12, the encrypter/ 
decrypter 8 encrypts the conversation message using the 
latest channel encryption key. Preferably, an encryption flag 
or an encryption key ID is attached to the beginning of the 
encrypted conversation message. Thereafter, the conversa- 
tion message is sent to the chat client 10. The chat client 10 
sends the conversation message and data received from the 
security system 1 with a send command attached thereto, as 
in the case of a regular conversation message. 
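As an added illustration of the key generation, key ID and key-ID-prefixed message handling described above (example code written for this page, not the patent's or Fujitsu's implementation; the cipher, the wire format and the names are assumptions):

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

# Added example, not code from the patent. It models the memorizer 2 (key ID ->
# channel key), the key generator 7 (key = hash of secret, time and channel
# information; key ID = hash of the key) and the encrypter/decrypter 8, which
# picks the key named by the ID at the start of a message and reports the
# missing key ID so that the key obtainer 4 can request it. The cipher is a
# constructed HMAC-SHA256 keystream XOR chosen only so the example runs on the
# standard library; the patent prescribes no particular cipher.


def generate_channel_key(secret: bytes, time_info: str, channel: str) -> bytes:
    """Channel key = hash(secret || time information || channel-specific information)."""
    return hashlib.sha256(secret + time_info.encode() + channel.encode()).digest()


def key_id_of(key: bytes) -> str:
    """Encryption key ID = hash of the channel key (truncated to 16 hex digits here)."""
    return hashlib.sha256(key).hexdigest()[:16]


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Constructed symmetric cipher: XOR with HMAC(key, nonce || counter) blocks.

    XOR is its own inverse, so the same call encrypts and decrypts.
    """
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = (offset // 32).to_bytes(4, "big")
        block = hmac.new(key, nonce + counter, hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)


@dataclass
class Memorizer:
    """Encryption key list of memorizer 2: key ID -> channel key, newest stored last."""
    keys: Dict[str, bytes] = field(default_factory=dict)

    def store(self, key: bytes) -> str:
        kid = key_id_of(key)
        self.keys[kid] = key
        return kid

    def latest(self) -> Tuple[str, bytes]:
        kid = list(self.keys)[-1]
        return kid, self.keys[kid]


@dataclass
class DecryptResult:
    plaintext: Optional[str]
    missing_key_id: Optional[str]  # set when the key obtainer 4 must request this key


def encrypt_message(mem: Memorizer, plaintext: str, nonce: bytes) -> str:
    """Encrypt with the latest channel key and put the encryption key ID at the beginning."""
    kid, key = mem.latest()
    ciphertext = keystream_xor(key, nonce, plaintext.encode())
    return "{}:{}:{}".format(kid, nonce.hex(), ciphertext.hex())


def decrypt_message(mem: Memorizer, wire: str) -> DecryptResult:
    """Decrypt with the key named by the prefix; if it is not stored, name it for a key request."""
    kid, nonce_hex, ct_hex = wire.split(":", 2)
    key = mem.keys.get(kid)
    if key is None:
        return DecryptResult(None, kid)
    plaintext = keystream_xor(key, bytes.fromhex(nonce_hex), bytes.fromhex(ct_hex))
    return DecryptResult(plaintext.decode(), None)


if __name__ == "__main__":
    # Constructed sample: terminal A holds the key, terminal B joined later and lacks it.
    mem_a, mem_b = Memorizer(), Memorizer()
    mem_a.store(generate_channel_key(b"terminal-A-secret", "1998-10-29T09:00", "#CH1"))
    wire = encrypt_message(mem_a, "hello channel", bytes(range(8)))
    print(wire)
    print(decrypt_message(mem_b, wire))  # plaintext None, missing_key_id set
```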
Chat Client 

As shown in FIG. 1, the chat client 10 according to this 
embodiment includes the coordinator 11 and the assignor 12, 
which function with one or more elements of the security 
system 1. The coordinator 11 interprets commands sent and 
received by the chat client 10, and assigns processes to each 
element of the security system 1. More specifically, once the 
coordinator 11 interprets a command by which the user 
information changes, the coordinator 11 reports to the user 
administrator 3 about the change of the user information. 
Examples of such commands include "PART", which is a command that shows that a user has left, "JOIN", which is a command that shows that a user has joined, "MODE #CH1 +o", which is a command to grant authority of a channel operator, "MODE #CH1 +d userA", which is a command to grant the key distribution property, and "MODE #CH1 +xn userA", which is a command to grant the key update property and the order thereof. The coordinator 11 also receives from the user administrator 3 "MODE #CH1 +d userA", which is a command to grant the key distribution property, and "MODE #CH1 +xn userA", which is a command to grant the key update property and the order or sequence thereof, and executes corresponding processes.
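An added example (not the patent's code) of how the user administrator 3 could maintain the user information from the commands the coordinator 11 reports, including the upward shift of the key updating sequence described earlier; the command syntax beyond what the text shows, the class names and the handling of the dropped first-order terminal are assumptions:

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Added example, not the patent's code. JOIN/PART keep the nickname list,
# "MODE #CH1 +o nick" grants the channel operator property (and, as at step S1,
# the key distribution and key update properties with it), "+d" grants the key
# distribution property and "+xn" the key update property with order n.
# shift_sequence_up() is the upward shift of the key updating order performed
# when the first-order terminal fails to send a key (step S52).
# Assumptions: JOIN/PART carry the nickname as their single argument (real IRC
# carries a prefix instead), MODE always names a nickname, and a terminal
# dropped from the first position loses its order (the text does not say).


@dataclass
class UserInfo:
    nickname: str
    operator: bool = False
    can_distribute: bool = False        # key distribution property (+d)
    update_order: Optional[int] = None  # key update property and its order (+xn)


class UserAdministrator:
    MODE_RE = re.compile(r"([+-])([odx])(\d*)$")

    def __init__(self, channel: str):
        self.channel = channel
        self.users: Dict[str, UserInfo] = {}  # the nickname list of the user information

    def handle_command(self, line: str) -> None:
        """Apply one command reported by the coordinator 11 to the user information."""
        parts = line.split()
        verb = parts[0].upper()
        if verb == "JOIN" and len(parts) == 2:
            self.users.setdefault(parts[1], UserInfo(parts[1]))
        elif verb == "PART" and len(parts) == 2:
            self.users.pop(parts[1], None)
            self._compact_sequence()  # keep the remaining order contiguous
        elif verb == "MODE" and len(parts) == 4 and parts[1] == self.channel:
            self._apply_mode(parts[2], parts[3])
        else:
            raise ValueError("unsupported command: {!r}".format(line))

    def _apply_mode(self, mode: str, nick: str) -> None:
        m = self.MODE_RE.match(mode)
        if m is None or nick not in self.users:
            raise ValueError("bad mode {!r} for {!r}".format(mode, nick))
        sign, flag, order = m.groups()
        grant = sign == "+"
        user = self.users[nick]
        if flag == "o":
            user.operator = grant
            user.can_distribute = grant  # step S1: follows the operator property
            if grant and user.update_order is None:
                user.update_order = len(self.update_sequence()) + 1
            elif not grant:
                user.update_order = None
        elif flag == "d":
            user.can_distribute = grant
        elif flag == "x":
            if grant and not order:
                raise ValueError("+x needs an order number, e.g. +x2")
            user.update_order = int(order) if grant else None
        self._compact_sequence()

    def update_sequence(self) -> List[str]:
        """Nicknames holding the key update property, first-order terminal first."""
        holders = [u for u in self.users.values() if u.update_order is not None]
        return [u.nickname for u in sorted(holders, key=lambda u: u.update_order)]

    def distributors(self) -> List[str]:
        """Nicknames the key obtainer 4 may pick a key request target from."""
        return [u.nickname for u in self.users.values() if u.can_distribute]

    def shift_sequence_up(self) -> Optional[str]:
        """Step S52: drop the failed first-order terminal, move everyone else up one place."""
        seq = self.update_sequence()
        if not seq:
            return None
        self.users[seq[0]].update_order = None
        self._compact_sequence()
        seq = self.update_sequence()
        return seq[0] if seq else None

    def _compact_sequence(self) -> None:
        for position, nick in enumerate(self.update_sequence(), start=1):
            self.users[nick].update_order = position
```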

When the coordinator 11 interprets commands such as a 
command to grant a channel encryption key and a command 
to set the encryption mode, the coordinator 11 reports to the 
key obtainer 4. The coordinator 11 also receives from the 
key obtainer 4 a command to request obtainment of a 
channel encryption key, and executes corresponding pro- 
cesses. 

Once the coordinator 11 interprets a command to request 
a channel encryption key, the coordinator 11 reports the 
request to the key distributor 5. Also, upon receiving a 
request from the key distributor 5, the coordinator 11 accepts 
a command to grant a channel encryption key, and executes 
corresponding processes. 

If the beginning of a text message sent to the chat client 
10 includes an encryption flag such as a "1" or an encryption 
ID, the assignor 12 sends a command to decrypt to the 
encrypter/decrypter 8. More specifically, the assignor 12 
sends the encryption flag or the encryption ID along with the 
encrypted conversation message to the encrypter/decrypter 
8. 

The assignor 12 can also accept a request from the user as to whether or not to encrypt a conversation message. If encryption is requested, the inputted conversation message is sent to the encrypter/decrypter 8. The request to encrypt or not to encrypt can be made by switching a command button between on and off. The command button is shown on the user's display screen using a GUI (graphical user interface). The assignor 12 then handles the conversation message encrypted by the encrypter/decrypter 8 with an encryption flag or an encryption ID attached thereto, in a similar manner in which a regular conversation message is handled. In other words, the encrypted conversation message is given a send command by the chat client 10 as in the case with a regular conversation message, and is then sent out as a comment made in a chat system.
Process Flow 

A main process executed by the security system 1 will now be explained below. FIG. 3 is a flow chart that shows a process flow of a main routine executed by the security system 1. FIGS. 4-6 show details of processes that occur in the main routine. Specifically, FIG. 4 is a flow chart of a key obtainment process, in which a channel encryption key is obtained from another user terminal. FIG. 5 is a flow chart of a key distribution process, in which a channel encryption key is distributed to other user terminals. FIG. 6 is a flow chart of a request verification process, in which a request for a channel encryption key from another user is verified. FIG. 7 is a flow chart of a key update process, which is executed independently from the main routine, in which the channel encryption key is updated upon the occurrence of a predetermined condition or conditions.

(1) Main Routine 

The process of the main routine shown in FIG. 3 starts as a chat client 10 in a user terminal participates in a channel or opens a channel. For the sake of simplicity, explained below is a case where the user who opened the channel is the channel operator which has been given the key distribution property and the key update property.

At step S1, the user administrator 3 sets the key distribution property and the key update property, such that the key distribution property and the key update property correspond to the channel operator property in the user information.

At step S2, the user administrator 3 determines whether the user has opened the channel. Of course, if there is only one user in the channel, then the only chat client that is participating in the channel is the user's own chat client, which is the one that opened the channel. Therefore, the user administrator 3 proceeds to step S3. If there is more than one user in the channel, the users who did not open the channel do not proceed to step S3. Rather, the user administrator 3 of each of these users proceeds to step S4 to obtain a channel encryption key.

At step S3, the key generator 7 generates a channel encryption key at the user terminal of the user who opened the channel. Furthermore, an encryption key ID is attached to the generated channel encryption key. Then the channel encryption key and the encryption key ID are stored in the encryption key list of the memorizer 2. The security system 1 of this user then proceeds to step S5.

At step S4, the users that did not open the channel request a channel encryption key from another user terminal through the key obtainment subroutine, and thereby obtain a channel encryption key. The key obtainment subroutine will be described in more detail later.

At step S5, users who have the key distribution property distribute the current channel encryption key to other user terminals through the key distribution subroutine, which will be described later.

At step S6, the security system 1 of each user determines whether the chat client 10 is leaving the channel or not. If the chat client 10 is leaving, the main routine process is terminated. If the chat client 10 is not leaving, the security system 1 returns to step S5, and distributes the channel encryption key upon request from another user.

Although not shown in the Figures, the user administrator 3 of each user receives a status report from its chat client 10 regarding a change in the user information in a manner separate from the main routine. The user administrator 3 updates the key distribution property and the key update property according to the reports.

(2) Key Obtainment Process 

The key obtainment process occurs at step S4 of the main 
routine. The key obtainment process is explained with 
reference to FIG. 4. 

At step S11, the key obtainer 4 determines whether the encryption mode is on or off. If the encryption mode is on, then all conversation messages are encrypted. Therefore, the key obtainer 4 proceeds to step S13 to obtain a channel encryption key. If the encryption mode is off, the key obtainer 4 proceeds to step S12.

At step S12, the key obtainer 4 determines whether the encrypter/decrypter 8 has issued a command to obtain a key. If a conversation message with an encryption flag such as "1" or an encryption key ID attached thereto is received while a channel encryption key has not been obtained, the encrypter/decrypter 8 should send a command to the key obtainer 4 to request obtainment of a key. At step S12, the key obtainer 4 waits for the command from the encrypter/decrypter 8, and proceeds to step S13 when the command is issued.

At step S13, the key obtainer 4 generates a random 
number to select a user from other users in the channel. 

At step S14, based on the random number generated, the 
key obtainer 4 selects a user from the other users in the 
channel that have the key distribution property. 

At step S15, the key obtainer 4 of the requesting user retrieves from its memorizer 2 a public key. The key obtainer 4 of the requesting user attaches the channel name and nickname to the requesting user's user certificate that includes the public key of the requesting user. The key obtainer 4 of the requesting user sends out a request for a channel encryption key to the selected user. As described above, if the encrypted conversation message requires a particular channel encryption key identified by an encryption key ID that is attached to the encrypted conversation message, the key obtainer 4 requests the channel encryption key by specifying the encryption key ID. If a channel encryption key is requested because the encryption mode is turned on or an encrypted conversation message is received with an encryption flag "1" attached thereto, the key obtainer 4 sends a request for a channel encryption key without specifying an encryption key ID.

At step S16, the key obtainer 4 determines whether the 
requesting user has received a channel encryption key and 
its encryption key ID or not. If the requesting user has not 
received the channel encryption key and the encryption key 
ID, the key obtainer 4 of the requesting user proceeds to step 
S17. If the requesting user has received them, the key 
obtainer 4 of the requesting user proceeds to step S18. 

At step S17, the key obtainer 4 determines whether a predetermined time T has elapsed. If the time T has not elapsed, the key obtainer 4 of the requesting user returns to step S14, and waits for the channel encryption key. If the predetermined time T has elapsed, the key obtainer 4 of the requesting user determines that the selected user is not able to send the channel encryption key for some reason, and returns to step S13 to select another user terminal for obtaining a current channel encryption key.

At step S18, the key obtainer 4 of the requesting user 
decrypts the encryption key that the requesting user 
received, using the private key of the requesting user, 
thereby obtaining the channel encryption key. The key obtainer 4 stores in the encryption key list the channel encryption key along with the encryption key ID that the requesting user received along with the encryption key. Then, the key obtainment process is terminated.

(3) Key Distribution Process

The key distribution process occurs at step S5 of the main routine. The key distribution process is explained with reference to FIG. 5.

At step S21, the key distributor 5 refers to the user information, and thereby determines whether the user terminal has the key distribution property. If the user terminal does not have the key distribution property, the process is terminated. Otherwise, the key distributor 5 of the user proceeds to step S22.

At step S22, the key distributor 5 of the user determines whether the user terminal has received a request for a channel encryption key from another user terminal. If the user terminal has received a request for a channel encryption key, the key distributor 5 proceeds to step S23. Otherwise, the key distributor 5 waits until the user terminal receives a request for a channel encryption key.

At step S23, the key distributor 5 executes a request verification subroutine, in which the legitimacy of the requesting user is verified and a verification result is obtained. Details of the request verification subroutine will be described later.

At step S24, the key distributor 5 determines whether the requesting user is legitimate or not based on the verification result. If the requesting user is not legitimate, the key distributor 5 proceeds to step S25. If the requesting user is legitimate, the key distributor 5 proceeds to step S26.

At step S25, the key distributor 5 executes processes such as sending a message to the illegitimate user to inform that the channel encryption key can not be delivered.

At step S26, since the legitimacy of the requesting user has been verified, the key distributor 5 retrieves a public key of the requesting user from the requesting user's user certificate, which is sent along with the request for a channel encryption key.

At step S27, the key distributor 5 retrieves the latest channel encryption key from the encryption key list. If an encryption key ID has been sent with the request, the key distributor 5 retrieves a channel encryption key that corresponds to the encryption key ID, instead of the latest key. Then, the key distributor 5 obtains an encryption key ID of the retrieved channel encryption key by applying a hash function to the channel encryption key.

At step S28, the key distributor 5 encrypts the channel encryption key with the public key of the requesting user.

At step S29, the key distributor 5 sends the encrypted channel encryption key and the encryption key ID to the requesting user terminal via the chat client 10. The key distributor 5 returns to the main routine.

(4) Request Verification Process Subroutine

The request verification process occurs at step S23 of the key distribution subroutine. The request verification process is explained with reference to FIG. 6.

At step S31, the key distributor 5 retrieves the user certificate of the requesting user, which has been sent along with the request for a channel encryption key.

At step S32, the key distributor 5 retrieves an electronic signature from the user certificate.

At step S33, the key distributor 5 searches for the retrieved electronic signature in the authentication database. Each authorized user terminal is usually provided with an authentication database. The authentication database includes information based upon the issued user certificates, including electronic signatures issued by a Certificate Authority (CA).

At step S34, the key distributor 5 determines whether the electronic signature is registered in the authentication database (DB) based on the result of the search. If the electronic signature is not registered, the key distributor 5 proceeds to step S391. If the electronic signature is registered, the key distributor 5 proceeds to step S35.

At step S35, the key distributor 5 retrieves the public key of the authenticator from the authentication database (DB).

At step S36, the key distributor 5 decrypts the electronic signature with the public key of the authenticator, thereby obtaining a message digest (MD) of the user certificate.

At step S37, the key distributor 5 retrieves the portion of the user certificate to which the electronic signature is applied, and calculates a message digest (MD1) using a conventional algorithm. Examples of such conventional algorithms include MD5 and SHA.

At step S38, the key distributor 5 compares the two message digests, and proceeds to step S39 if the message digests are identical. If the message digests are different, the key distributor 5 proceeds to step S391.

At step S39, the key distributor 5 determines that "the requesting user is legitimate".

At step S391, the key distributor 5 determines that the requesting user is illegitimate, and sends a report to the requesting user to inform the illegitimacy.

(5) Key Update Process

The key update process, which is executed independently from the main routine, is explained with reference to FIG. 7.

At step S41, the key updater 6 determines whether the user terminal has the key update property, by referring to the user information. If the user terminal does not have the key update property, the key updater 6 proceeds to step S50. If the user terminal has the key update property, the key updater 6 proceeds to step S42.

At step S42, the key updater 6 determines the update sequence or order of the user terminal, which is given together with the key update property. Specifically, the key updater 6 at step S42 determines whether the user terminal is first (next) or not. If the order or sequence is first, the key updater 6 proceeds to step S43. If the order or sequence is second or later, the key updater 6 proceeds to step S50. Details of step S50 will be described later.

At step S43, the key updater 6 waits for a predetermined trigger. If a predetermined trigger occurs, the key updater 6 proceeds to step S44. For the sake of simplicity, it is assumed here that a channel encryption key is updated when there is only one user in the channel or when a predetermined period of time elapses. More specifically, the key updater 6 proceeds to step S44 when there is only one user left in a channel, or when a predetermined period of time elapses since the last time a channel encryption key was updated, even if there is still more than one user in the channel.

At step S44, the key updater 6 generates a channel encryption key according to a predetermined rule. For instance, a new channel encryption key can be generated by applying a hash function to a combination of an address of the user terminal in which this program is stored, the time at which the trigger occurred, a password for the channel, and the channel name. An encryption key ID for the new channel encryption key is obtained by applying a hash function to the new channel encryption key.

At step S45, the key updater 6 obtains the second latest channel encryption key from the encryption key list.
At step S46, the key updater 6 encrypts the new encryption key with the second latest channel encryption key.

At step S47, the key updater 6 determines when the encrypted new channel encryption key should be sent out based on the frequency of conversation messages at the time. For instance, if a predetermined period of time has elapsed since the last comment was made, the key updater 6 determines that the conversation has finished, and proceeds to step S48. Otherwise, the key updater 6 determines that the conversation still continues intermittently, and repeats step S47 to wait for the conversation to finish.

At step S48, the key updater 6 sends the encrypted new channel encryption key and the encryption key ID to other user terminals via the chat client 10.

At step S49, it is determined whether the chat client 10 of the user terminal has left the channel. If the chat client 10 has left, the process is terminated. Otherwise, the key updater 6 returns to step S42, and repeats the above mentioned processes.

If it is determined that the user terminal does not have the key update property at step S41, or if the order or sequence of the key update property is second or later at step S42, the key updater 6 proceeds to step S50 to obtain a new channel encryption key.

At step S50, the key obtainer 4 waits until a predetermined period of time elapses since the last time a channel encryption key was updated. The key obtainer 4 proceeds to step S51 when the predetermined period of time elapses. In this embodiment, the key obtainer 4 monitors the amount of time since the last time the channel encryption key was updated by monitoring an internal clock inside the user terminal.

At step S51, the key obtainer 4 determines whether the user has received a new channel encryption key. If the user has not received a new channel encryption key, the key obtainer 4 requests the user administrator 3 to shift the key updating order or sequence upward, and then proceeds to step S52. If the user receives a new channel encryption key, the key obtainer 4 proceeds to step S54. Details of step S54 will be described later.

At step S52, the user administrator 3 shifts up the key updating sequence or order of the user, whose order or sequence of the key update property has been by then second or later, thereby rewriting the user information. In this way, the order or sequence of all the users whose position in the key updating sequence was second or later prior to the rewriting is shifted to the next earlier position.

At step S53, the key updater 6 determines whether the order or sequence of the user has become first in the sequence due to the rewriting. If the order or sequence is first in the key updating sequence, the key updater 6 proceeds to step S43 to change the channel encryption key. If the order or sequence in the key updating sequence is second or later, the key updater 6 proceeds to step S50 to obtain a new channel encryption key.

At step S54, now that a new channel encryption key has been obtained from another user terminal, the key obtainer 4 decrypts the encrypted channel encryption key using the second latest channel encryption key next to the newly received channel encryption key, thereby obtaining a new channel encryption key.

At step S55, the key obtainer 4 stores the new channel encryption key and the new corresponding encryption key ID in the encryption key list in the memorizer 2, such that the channel encryption key and the encryption key ID correspond to each other.

At step S56, the security system 1 determines whether the chat client 10 of this user terminal has left the channel. If the chat client 10 has left, the process is terminated. Otherwise, the security system 1 returns to step S41, and repeats the previously described processes.

Second Embodiment

If two chat clients 10 conduct a one-to-one conversation, the key obtainer 4 of the user terminal which starts the conversation sends a request for a session key to the other user terminal, with the public key of the requesting user terminal attached thereto.

In the requested user terminal, the key generator 7 generates a session key, and sends the session key to the requesting user after encrypting the session key with the public key of the requesting user. As in the first embodiment, the session key can be generated by applying a hash function to a combination of information unique to the requesting and requested user terminals, time, and secret information stored inside the user terminal.

Also, similar to the first embodiment, a new session key should be sent to the requesting user after encrypting the new session key with the second latest session key next to the newly generated session key. It is also similar to the first embodiment that the new session key should be encrypted with the public key of the requesting user terminal before sending the session key to the requesting user.

The key obtainer 4 of the requesting user terminal decrypts the session key using its own private key, and stores the session key in the memorizer 2. Thereafter, these users send messages to each other after encrypting the messages with the session key.

The timings and conditions of updating the session key are similar to those in the first embodiment. That is, the session key is updated when a predetermined period of time elapses, when there are more than a predetermined number of conversation messages, or when there is more than a predetermined data amount of conversation messages. The session key can be updated either by the user who started the conversation, or by the other user. The session key can also be updated by the user who sent the last message, or by the user who received the last message.

Obviously, the key distributor 5 of the user terminal that receives a request for starting a conversation verifies the legitimacy of the public key attached to the request. If the request is illegitimate, the key distributor 5 of the requested user terminal rejects the request. Examples of a legitimate public key include a public key with an electronic signature of an authenticator, which is usually stored inside a [...] of public keys, a public key with an electronic signature of the server to which the user terminal is connected, or a public key with an electronic signature of the requesting user.

Third Embodiment

Although in the first embodiment the key distribution property and the key update property are granted by the user administrator 3, which is in the security system 1, the key distribution property and the key update property can also be granted in other ways. For instance, the channel encryption key distribution property and the key update property can be granted as part of the user property on the chat system, in a similar manner in which the channel operator property is granted. In this case, each chat client 10 retrieves the key distribution property and the key update property from the chat server, as part of the user information, together with the nickname and the channel operator property. The chat client 10 then stores this information in the user information database (DB) 9. The security system 1 refers to the user information in the user information database (DB) 9 to execute the previously described processes.
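The request verification subroutine of the key distributor 5 (steps S31 to S391 of FIG. 6), as an added, runnable illustration that is not the patent's code; the toy RSA authenticator key, the certificate layout and the shape of the authentication DB are assumptions of this example:

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, Tuple

# Added example, not the patent's code. The authenticator's electronic signature
# is modelled with textbook RSA over a small constructed modulus so that the
# example runs on the standard library alone; a real CA uses a full-size key
# with proper padding. SHA-256 stands in for the MD5/SHA digest named in the
# text. What the example shows is the control flow of FIG. 6: look the
# signature up in the authentication DB, recover the digest MD with the
# authenticator's public key, recompute MD1 over the signed part of the
# certificate, and compare.

# Constructed toy authenticator (CA) key pair: n = 61 * 53, e = 17, d = 2753.
CA_PUBLIC = (3233, 17)
CA_PRIVATE_D = 2753


@dataclass(frozen=True)
class UserCertificate:
    nickname: str
    user_public_key: Tuple[int, int]  # (n, e) of the requesting user; not used below
    signature: int                    # authenticator's electronic signature


def signed_part(nickname: str, user_public_key: Tuple[int, int]) -> bytes:
    """The portion of the certificate the authenticator signs (step S37 recomputes over it)."""
    return "{}|{}|{}".format(nickname, user_public_key[0], user_public_key[1]).encode()


def message_digest(data: bytes, modulus: int) -> int:
    """Digest reduced into the toy modulus so it can be signed with textbook RSA."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % modulus


def authenticator_issue(nickname: str, user_public_key: Tuple[int, int]) -> UserCertificate:
    """Certificate issuance by the CA: signature = MD ** d mod n."""
    n, _e = CA_PUBLIC
    md = message_digest(signed_part(nickname, user_public_key), n)
    return UserCertificate(nickname, user_public_key, pow(md, CA_PRIVATE_D, n))


def verify_request(cert: UserCertificate,
                   auth_db: Dict[int, Tuple[int, int]]) -> Tuple[bool, str]:
    """Steps S31 to S391. auth_db maps a registered signature to the authenticator's public key."""
    signature = cert.signature                            # S32: signature from the certificate
    authenticator = auth_db.get(signature)                # S33: search the authentication DB
    if authenticator is None:                             # S34: not registered
        return False, "S391: signature not registered in authentication DB"
    n, e = authenticator                                  # S35: authenticator's public key
    md = pow(signature, e, n)                             # S36: "decrypt" the signature -> MD
    md1 = message_digest(signed_part(cert.nickname, cert.user_public_key), n)  # S37: MD1
    if md != md1:                                         # S38: compare the two digests
        return False, "S391: digest mismatch, requesting user is illegitimate"
    return True, "S39: requesting user is legitimate"


if __name__ == "__main__":
    # Constructed sample: userA's certificate issued by the toy CA and registered locally.
    cert = authenticator_issue("userA", (2537, 13))
    auth_db = {cert.signature: CA_PUBLIC}
    print(verify_request(cert, auth_db))
    print(verify_request(cert, {}))  # unknown signature: rejected at S34
```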

Fourth Embodiment 

Although the key obtainer 4 monitors the times at which 
the channel encryption key should be updated in the first 
embodiment, it is also possible to determine times at which 
the channel encryption key is updated in other ways. For 
instance, the key generator 7, the key distributor 5, and the 
key updater 6 send a channel encryption key together with 
the time at which the channel encryption key should be 
updated. In other words, each user terminal has a channel 
encryption key and expiration time of the channel encryp- 
tion key. In this way, the key obtainer 4 of each user terminal 
recognizes that the expiration time of the channel encryption 
key is the time when the channel encryption key should be 
updated. By sending the channel encryption key together 
with the expiration time thereof, it is possible to configure a 
channel encryption key such that the channel encryption key 
is updated at every predetermined period of time or at any 
desired time. 

However, internal clocks of different user terminals may 
have different times. In this case, the expiration time of a 
channel encryption key should be described with a relative 
time and a base time, rather than the time according to the 
internal clock. The base time is the time at which the channel 
encryption key is generated. The relative time is preferably 
the length of time since the time at which channel encryption 
key was generated. Alternatively, the relative time is the 
length of time before expiration of the channel encryption 
key. 

A channel encryption key can also be updated when certain situations arise. For example, the channel encryption key can be updated when there is only one user left in the channel, as opposed to when a predetermined time comes. In this case, it is possible that a channel encryption key is not updated for a long time because the predetermined situation has not arisen. The following measures can be taken to prevent this from happening.

Usually, an algorithm used for generating a key provides 
the key with an expiration time. The key generator 7, the key 
distributor 5, and the key updater 6 can send to each user 
terminal the channel encryption key together with the expi- 
ration time. If the predetermined situation has not arisen 
until the expiration time of the channel encryption key, the 
key obtainer 4 determines that the expiration time is the time 
when the channel encryption key should be updated. 
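An added example (not the patent's code) of the key update exchange of the first embodiment (steps S44 to S46 on the first-order terminal, S54 and S55 on the receivers) with the expiration carried as a base time plus a relative lifetime as this embodiment describes; the wrap cipher, the message layout, the class names and the clock-offset simulation are assumptions:

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import List

# Added example, not the patent's code. The new channel key is derived as at
# step S44, sent wrapped under the second latest key (S45/S46) and unwrapped by
# the receivers (S54/S55). Expiry is judged from a base time plus a relative
# lifetime on each terminal's own clock, which keeps terminals with skewed
# clocks in agreement; expired_by_sender_clock() shows the absolute-time
# variant the text warns against. The wrap is a constructed HMAC-SHA256
# one-time pad; the patent prescribes no cipher.


def derive_channel_key(address: str, trigger_time: int, password: str, channel: str) -> bytes:
    """Step S44: hash of terminal address, trigger time, channel password and channel name."""
    material = "{}|{}|{}|{}".format(address, trigger_time, password, channel).encode()
    return hashlib.sha256(material).digest()


def key_id_of(key: bytes) -> str:
    return hashlib.sha256(key).hexdigest()[:16]


def wrap_key(wrapping_key: bytes, key: bytes, key_id: str) -> bytes:
    """XOR a 32-byte key with HMAC(wrapping_key, key_id); the same call unwraps."""
    pad = hmac.new(wrapping_key, key_id.encode(), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(key, pad))


@dataclass
class KeyRecord:
    key: bytes
    key_id: str
    base_time: int  # generation (or receipt) time by this terminal's own clock
    lifetime: int   # relative time until expiry, in seconds


@dataclass
class KeyUpdateMessage:
    key_id: str
    wrapped_key: bytes
    wrapped_with: str  # key ID of the second latest key used for wrapping
    sender_base_time: int
    lifetime: int


class Terminal:
    def __init__(self, address: str, clock_offset: int = 0):
        self.address = address
        self.clock_offset = clock_offset     # skew of this terminal's internal clock
        self.key_list: List[KeyRecord] = []  # encryption key list, newest last

    def clock(self, real_time: int) -> int:
        return real_time + self.clock_offset

    def install_first_key(self, key: bytes, real_time: int, lifetime: int) -> None:
        """The channel's first key, obtained at step S3 or through the key obtainer 4."""
        self.key_list.append(KeyRecord(key, key_id_of(key), self.clock(real_time), lifetime))

    def rotate(self, real_time: int, password: str, channel: str, lifetime: int) -> KeyUpdateMessage:
        """Steps S44 to S46 on the first-order terminal: generate, store and wrap the new key."""
        second_latest = self.key_list[-1]  # S45: second latest once the new key is added
        now = self.clock(real_time)
        new_key = derive_channel_key(self.address, now, password, channel)
        kid = key_id_of(new_key)
        self.key_list.append(KeyRecord(new_key, kid, now, lifetime))
        wrapped = wrap_key(second_latest.key, new_key, kid)  # S46
        return KeyUpdateMessage(kid, wrapped, second_latest.key_id, now, lifetime)

    def receive_update(self, msg: KeyUpdateMessage, real_time: int) -> bool:
        """Steps S54/S55 on other terminals; False means the key must be requested instead."""
        prev = next((r for r in self.key_list if r.key_id == msg.wrapped_with), None)
        if prev is None:
            return False
        new_key = wrap_key(prev.key, msg.wrapped_key, msg.key_id)
        if key_id_of(new_key) != msg.key_id:  # added check: ID must match the unwrapped key
            return False
        # Base time is taken from this terminal's own clock at receipt; only the
        # relative lifetime comes from the sender.
        self.key_list.append(KeyRecord(new_key, msg.key_id, self.clock(real_time), msg.lifetime))
        return True

    def key_needs_update(self, real_time: int) -> bool:
        """Expiry as base time + relative lifetime, both on this terminal's clock."""
        current = self.key_list[-1]
        return self.clock(real_time) - current.base_time >= current.lifetime

    def expired_by_sender_clock(self, msg: KeyUpdateMessage, real_time: int) -> bool:
        """Absolute-time variant: compares the sender's clock with ours (skew breaks it)."""
        return self.clock(real_time) >= msg.sender_base_time + msg.lifetime
```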
Effect of Invention 

The present invention allows a channel encryption key to 
be administered in a manner dispersed among chat clients 
10, whereby users can share the channel encryption keys by 
distributing the channel encryption key after encrypting the 
key with public key encryption. 

Since a channel encryption key is generated and distrib- 
uted among users without any involvement of the chat server 
therein, messages are not likely to be decrypted by an 
unwelcome party at the chat server. Accordingly, privacy of 
conversation in a channel can be better protected. Also since 
the users encrypt and decrypt messages, the burden of 
encrypting/decrypting is dispersed among users, thereby 
relieving the chat server's burden. 

While several embodiments have been chosen to illustrate the present invention, it will be apparent to those skilled in the art from this disclosure that various changes and modifications can be made herein without departing from the scope of the invention as defined in the appended claims. Furthermore, the foregoing description of the embodiments according to the present invention is provided for illustration only, and not for the purpose of limiting the invention as defined by the appended claims and their equivalents.

What is claimed is:

1. A security method of ensuring privacy and security in
a communication system where communication devices are 
configured to conduct simultaneous two-way communica- 
tion via a single network, said security method comprising: 

storing a plurality of encryption keys and corresponding 
key identifications in each communication device; 

obtaining from one of the communication devices prede- 
termined user information when a communication 
device participates in the network and storing the user 
information including at least a list of the other com- 
munication devices that participate in the network in 
the participating communication device; 

selecting a communication device from the other com- 
munication devices in the stored list, requesting from 
the selected communication device the stored encryp- 
tion key of the selected communication device, and 
storing the requested encryption key sent from the 
selected communication device in response to the 
requesting; 

distributing a stored encryption key to a requesting com- 
munication device, upon receiving a request for the 
stored encryption key from the requesting communi- 
cation device; 

receiving communication contents from at least one of the 
communication devices and encrypting the communi- 
cation contents using one of the stored encryption keys, 
and transmitting to one of the other communication 
devices via the network the encrypted communication 
contents along with the corresponding key identifica- 
tion identifying one of the stored encryption keys used 
to encrypt the communication contents; and 

receiving encrypted communication contents and a key 
identification from at least one of the communication 
devices and decrypting the communication contents by 
examining whether an encryption key identified by the 
key identification is previously stored, and requesting 
the encryption key from one of the communication 
devices by specifying the key identification, if the 
encryption key is not previously stored. 

2. A security system to be utilized in a communication 
device adapted to conduct simultaneous two-way commu- 
nication with other communication devices sharing a single 
network, said security system comprising: 

memorizing means for memorizing an encryption key 
adapted to encrypt and decrypt communication con- 
tents within the shared network; 

encrypting means for obtaining communication contents 
from the communication device and encrypting the 
communication contents with the encryption key; 

decrypting means for obtaining communication contents 
from the communication device and decrypting the 
communication contents with the encryption key; 

user administering means for obtaining from the commu- 
nication device predetermined user information when 
the communication device participates in the network, 
and storing the user information in said memorizing 
means, the user information including at least a list of 
other communication devices that participate in the 
network; 
key obtaining means for selecting a communication 
device from one of the other communication devices in 
the list, requesting an encryption key from the selected 
communication device, and storing the encryption key 
in said memorizing means when the encryption key is 
sent from the selected communication device upon the 
request; and 

key distributing means for retrieving an encryption key 
from said memorizing means and distributing the 
encryption key to another communication device when 
the another communication device sent a request for the 
encryption key; 

wherein 

said memorizing means stores a plurality of encryption 
keys and corresponding key identifications, 

said encrypting means sends a key identification and 
communication contents to the network via the com- 
munication device, said key identification identifying 
the encryption key used for encrypting the commu- 
nication content, 

said decrypting means examines whether an encryption 
key identified by the key identification is stored in 
said memorizing means, and 

if the encryption key identified by the key identification 
is not stored in said memorizing means, said key 
obtaining means requests obtainment of the encryp- 
tion key by specifying the key identification. 

3. A security system as set forth in claim 2, wherein 
said security system is adapted to be coordinated with 
coordinating means of the communication device; and 
the coordinating means is adapted to relay between the 
communication device and said security system a 
request for an encryption key, the encryption key sent 
upon the request, information regarding the user infor- 
mation and communication contents, with the commu- 
nication contents being relayed only when a predeter- 
mined condition is met. 

4. A security system as set forth in claim 2, wherein 
said user administering means grants key distribution 
property based on the user information and stores the 
key distribution property in said memorizing means, 
the key distribution property being adapted to allow 
distribution of an encryption key to another security 
system. 

5. A security system as set forth in claim 2, wherein 
said user administering means selects another communi- 
cation device based on a predetermined condition, 
grants key distribution property to the selected com- 
munication device, obtains from the communication 
device a setting of the key distribution property and a 
name of a communication device to which the setting 
applies, and stores the setting and the name of the 
communications device in said memorizing means. 

6. A security system as set forth in claim 2, wherein 
said user administering means accepts a selection of 
another communication device, and a command for 
granting and canceling the key distribution property to 
the selected communication device, the key distribution 
property allowing distribution of an encryption key, 
obtains from the selected communication device a 
setting of the key distribution property and a name of 
the communication device to which the setting applies, 
and stores the setting and the name of the communi- 
cation device in said memorizing means. 

7. A security system as set forth in claim 2, wherein said 
key obtaining means selects, based on a predetermined 
condition, a communication device from which an encryp- 
tion key is requested. 

8. A security system as set forth in claim 2, wherein 
said key obtaining means selects, based on a predeter- 
mined condition, a communication device from which 
an encryption key is requested, requests an encryption 
key from the selected communication device, and if the 
communication device does not send the encryption 
key within a predetermined period of time, selects 
another communication device for requesting an 
encryption key therefrom. 

9. A security system as set forth in claim 2, wherein said 
key obtaining means requests obtainment of an encryption 
key when the communication contents are encrypted. 

10. A security system as set forth in claim 2, wherein 
said decrypting means determines that a request for an 
encryption key should be made when communication 
contents received from the communication device can- 
not be decrypted; and 
said key obtaining means requests obtainment of an 
encryption key based on the determination of said 
decrypting means. 

11. A security system as set forth in claim 2, wherein 
said key obtaining means sends a public key of the request- 
ing user from a public key encryption system along with the 
request for an encryption key, and decrypts the encryption 
key with a private key of the requesting user from the public 
key encryption system when the encryption key is sent; and 
said key distributing means distributes an encryption key 
after encrypting the encryption key with the public key of 
the requesting user from the public key encryption system. 

12. A security system as set forth in claim 2, wherein 
when a request for an encryption key is sent from a 
requesting communication device, one of the other 
communication devices, said key distributing means is 
adapted to verify the request, retrieve one of the 
encryption keys based on a result of the verification, 
and send the encryption key to the requesting commu- 
nication device. 

13. A security system as set forth in claim 2, further 
including key updating means for updating an encryption 
key at a predetermined time, and distributing the updated 
encryption key to other communication devices. 

14. A security system as set forth in claim 2, further 
including key updating means for updating an encryption 
key at a predetermined time, and distributing the updated 
encryption key to other communication devices after 
encrypting the updated encryption key with the last 
encryption key. 

15. A security system as set forth in claim 13, wherein 
said key updating means generates an encryption key 
based on at least a combination of one of the following 
information: secret information stored inside each com- 
munication device, time information, and information 
unique to the network. 

16. A security system as set forth in claim 13, wherein 
said key updating means generates an encryption key by 
applying a one-way function to any or a combination 
of secret information stored inside each communication 
device, time information, and information unique to the 
network. 
17. A security system as set forth in claim 2, wherein 
said security system further including key updating means 
for updating an encryption key at a predetermined time 
based on a setting of a key update property, and 
distributing the encryption key to the other communi- 
cation devices; and 
said user administering means sets said key update prop- 
erty based on the user information obtained, with said 
key update property being adapted to allow updating 
and distribution of an encryption key, and said key 
update property further being adapted to store the key 
update property in said memorizing means. 

18. A security system as set forth in claim 2, wherein 
said security system further including key updating means 
for updating an encryption key at a predetermined time 
based on a setting of a key update property, and 
distributing the encryption key to other communication 
devices; and 
said user administering means is adapted to select another 
communication device based on a predetermined con- 
dition when the user has said key update property 
which allows distribution of an encryption key, said key 
update property being adapted to grant said key update 
property to selected communication device, said key 
update property being adapted to obtain a setting of 
said key update property and a name of the communi- 
cation device to which the setting applies, and said key 
update property being adapted to store the setting and 
the name of the communication device in said memo- 
rizing means. 

19. A security system as set forth in claim 2, wherein 
said security system further including key updating means 
for updating an encryption key at a predetermined time 
based on a setting of a key update property and an 
updating sequence, and distributing the encryption key 
to other communication devices; and 
said user administering means grants said key update 
property and the updating sequence based on the 
obtained user information, and stores said key update 
property and the updating sequence in said memorizing 
means, with said key update property being adapted to 
allow updating and distribution of an encryption key. 

20. A security system as set forth in claim 2, wherein 
said security system further including key update means 
for updating an encryption key at a predetermined time 
based on a setting of a key update property and an 
updating sequence, and distributing an encryption key 
to other communication devices; and 
said user administering means is adapted to select another 
communication device based on a predetermined con- 
dition when a user has said key update property, said 
key update property allowing updating and distribution 
of the encryption key, said key update property being 
adapted to grant the key update property and an updat- 
ing sequence to the communication device, said key 
update property being adapted to obtain from the 
communication device settings for the key update 
property, the updating sequence and a name of the 
communication device to which the settings apply, said 
key update property being adapted to store the settings 
and the name of the communication device in said 
memorizing means, and rewrite the updating sequence 
as the user information changes. 

21. A communication system comprising: 
a plurality of communication devices adapted to conduct 
simultaneous two-way communication sharing a single 
network, each of said communication devices includ- 
ing: 

memorizing means for memorizing an encryption key 
adapted to encrypt and decrypt communication con- 
tents within the shared network; 

encrypting means for obtaining communication contents 
from the communication devices, and encrypting the 
communication contents with the encryption key; 

decrypting means for obtaining communication contents 
from the communication devices and decrypting the 
communication contents with the encryption key; 

user administering means for obtaining from the commu- 
nication device predetermined user information when 
the communication device participates in the network, 
and storing the user information in said memorizing 
means, the user information including at least a list of 
other communication devices that participate in the 
network; 

key obtaining means for selecting a communication 
device from the communication devices in the list, 
requesting an encryption key from the selected com- 
munication device, and storing the encryption key in 
said memorizing means when the encryption key is sent 
from the selected communication device upon the 
request; and 

key distributing means for retrieving an encryption key 
from said memorizing means and distributing the 
encryption key to another communication device when 
the another communication device sent a request for the 
encryption key; 

wherein 

said memorizing means stores a plurality of encryption 
keys and corresponding key identifications, 

said encrypting means sends a key identification and 
communication contents to the network via the com- 
munication device, said key identification identify- 
ing the encryption key used for encrypting the com- 
munication content, 

said decrypting means examines whether an encryption 
key identified by the key identification is stored in 
said memorizing means, and 

if the encryption key identified by the key identification 
is not stored in said memorizing means, said key 
obtaining means requests obtainment of the encryp- 
tion key by specifying the key identification. 

22. A computer readable recording medium to be utilized 
in a communication device adapted to conduct simultaneous 
two-way communication with other communication devices 
sharing a single network, said computer readable recording 
medium containing a security program therein, to control the 
communication device according to a process comprising: 

storing an encryption key adapted to encrypt and decrypt 
communication contents within the shared network; 

encrypting the communication contents with the encryp- 
tion key; 

decrypting the communication contents with the encryp- 
tion key; 

obtaining from the communication device predetermined 
user information when the communication device par- 
ticipates in the network, and storing the user informa- 
tion in memorizing means, with the user information 
including at least a list of other communication devices 
that participate in the network; 

selecting a communication device from the communica- 
tion devices in the list, requesting an encryption key 
from the selected communication device, and storing 
the encryption key in the memorizing means when the 
encryption key is sent from the selected communication 
device upon the request; and 

retrieving an encryption key from the memorizing means 
and distributing the encryption key to another commu- 
nication device when the another communication 
device sent a request for the encryption key; 

wherein 

the storing comprises storing a plurality of the encryp- 
tion keys and corresponding key identifications, 

the encrypting comprises sending a key identification 
and communication contents to the network via the 
communication device, said key identification iden- 
tifying the encryption key used for encrypting the 
communication content, 

the decrypting comprises determining whether an 
encryption key identified by the key identification is 
stored, and if the encryption key identified by the key 
identification is not stored, requesting the encryption 
key by specifying the key identification. 

***** 
UNITED STATES PATENT AND TRADEMARK OFFICE 

CERTIFICATE OF CORRECTION 

PATENT NO. : 6,711,264 B1 
DATED : March 23, 2004 
INVENTOR(S) : Tatsuro Matsumoto et al. 

It is certified that error appears in the above-identified patent and that said Letters Patent is 
hereby corrected as shown below: 

Title page, 

Add Assistant Examiner -- Kambie Zand -- 
Column 26, 

Line 30, delete "to the requesting communication device"; 
Column 27, 

Line 18, after "device" insert -- , --. 
Column 28, 

Lines 13 and 14, replace current claim 9 with the following: 

- A security system as set forth in claim 2, wherein said key obtaining means requests 
obtainment of an encryption key when the communication contents are encrypted. 



Signed and Sealed this 
Ninth Day of November, 2004 

JON W. DUDAS 
Director of the United States Patent and Trademark Office 